diff options
Diffstat (limited to 'kubernetes/so/components')
148 files changed, 9393 insertions, 0 deletions
diff --git a/kubernetes/so/components/Makefile b/kubernetes/so/components/Makefile new file mode 100644 index 0000000000..4bf77eecf1 --- /dev/null +++ b/kubernetes/so/components/Makefile @@ -0,0 +1,50 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := soHelpers +HELM_CHARTS := soHelpers $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then helm lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi + @helm repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/so/components/so-appc-orchestrator/Chart.yaml b/kubernetes/so/components/so-appc-orchestrator/Chart.yaml new file mode 100644 index 0000000000..ab2bad332a --- /dev/null +++ b/kubernetes/so/components/so-appc-orchestrator/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: A Helm chart for so appc orchestrator +name: so-appc-orchestrator +version: 6.0.0 diff --git a/kubernetes/so/components/so-appc-orchestrator/requirements.yaml b/kubernetes/so/components/so-appc-orchestrator/requirements.yaml new file mode 100755 index 0000000000..1feea23842 --- /dev/null +++ b/kubernetes/so/components/so-appc-orchestrator/requirements.yaml @@ -0,0 +1,23 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml b/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml new file mode 100644 index 0000000000..9b6fb26d61 --- /dev/null +++ b/kubernetes/so/components/so-appc-orchestrator/resources/config/overrides/override.yaml @@ -0,0 +1,57 @@ +# Copyright © 2020 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +server: + port: {{ index .Values.containerPort }} + tomcat: + max-threads: 50 + ssl-enable: false +mso: + logPath: ./logs/soappcorch + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.auth.rest.aafEncrypted "value2" .Values.mso.auth )}} + msoKey: {{ .Values.global.app.msoKey }} + config: + {{ if .Values.global.security.aaf.enabled }} + cadi: {{ include "so.cadi.keys" . | nindent 8}} + {{- else }} + cadi: + aafId: {{ .Values.mso.basicUser }} + {{- end }} + workflow: + endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine + topics: + retryMultiplier: 1000 +appc: + client: + topic: + read: + name: {{ .Values.appc.client.topic.read.name }} + timeout: {{ .Values.appc.client.topic.read.timeout }} + write: {{ .Values.appc.client.topic.write }} + sdnc: + read: {{ .Values.appc.client.topic.sdnc.read }} + write: {{ .Values.appc.client.topic.sdnc.write }} + response: + timeout: {{ .Values.appc.client.response.timeout }} + key: {{ .Values.appc.client.key }} + secret: {{ .Values.appc.client.secret }} + service: ueb + poolMembers: message-router.{{ include "common.namespace" . }}:3904,message-router.{{ include "common.namespace" . }}:3904 +spring: + security: + usercredentials: + - + username: ${ACTUATOR_USERNAME} + password: ${ACTUATOR_PASSWORD} + role: ACTUATOR diff --git a/kubernetes/so/components/so-appc-orchestrator/templates/configmap.yaml b/kubernetes/so/components/so-appc-orchestrator/templates/configmap.yaml new file mode 100755 index 0000000000..cfa106adaf --- /dev/null +++ b/kubernetes/so/components/so-appc-orchestrator/templates/configmap.yaml @@ -0,0 +1,41 @@ +# Copyright © 2020 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +data: + LOG_PATH: {{ index .Values.logPath }} + APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-app-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} diff --git a/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml b/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml new file mode 100644 index 0000000000..f0615ad56a --- /dev/null +++ b/kubernetes/so/components/so-appc-orchestrator/templates/deployment.yaml @@ -0,0 +1,93 @@ +# Copyright © 2020 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ index .Values.replicaCount }} + minReadySeconds: {{ index .Values.minReadySeconds }} + strategy: + type: {{ index .Values.updateStrategy.type }} + rollingUpdate: + maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ index .Values.updateStrategy.maxSurge }} + template: + metadata: + labels: {{- include "common.labels" . | nindent 8 }} + spec: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} + - name: {{ include "common.name" . }}-pass-encoder + command: + - sh + args: + {{/* bcrypt plain text and convert to OpenBSD variant using sed */}} + - -c + - htpasswd -bnBC 10 "" "${ACTUATOR_PASSWORD}" | tr -d ':\n' | sed 's/\$2y/\$2a/' 1>/tmp/app/encoded; + env: + - name: ACTUATOR_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 10 }} + image: {{ .Values.global.dockerHubRepository }}/{{ .Values.global.htpasswdImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: encoder + mountPath: /tmp/app + containers: + - name: {{ include "common.name" . }} + command: + - sh + args: + - -c + - | + export ACTUATOR_PASSWORD="$(cat /tmp/app/encoded)" + {{- if .Values.global.aafEnabled }} + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password}" + {{- end }} + {{- end }} + /app/start-app.sh + image: {{ include "common.repository" . }}/{{ .Values.image }} + resources: {{ include "common.resources" . | nindent 12 }} + env: + - name: ACTUATOR_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 10 }} + {{ include "so.certificates.env" . | indent 8 | trim }} + envFrom: + - configMapRef: + name: {{ include "common.fullname" . }}-configmap + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: {{- include "common.containerPorts" . | nindent 10 }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} + - name: logs + mountPath: /app/logs + - name: encoder + mountPath: /tmp/app + - name: config + mountPath: /app/config + readOnly: true +{{ include "so.helpers.livenessProbe" .| indent 8 }} + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} + - name: logs + emptyDir: {} + - name: encoder + emptyDir: + medium: Memory + - name: config + configMap: + name: {{ include "common.fullname" . }}-app-configmap + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/components/so-appc-orchestrator/templates/secret.yaml b/kubernetes/so/components/so-appc-orchestrator/templates/secret.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/so/components/so-appc-orchestrator/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/components/so-appc-orchestrator/templates/service.yaml b/kubernetes/so/components/so-appc-orchestrator/templates/service.yaml new file mode 100644 index 0000000000..fc3e2879ce --- /dev/null +++ b/kubernetes/so/components/so-appc-orchestrator/templates/service.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }} diff --git a/kubernetes/so/components/so-appc-orchestrator/values.yaml b/kubernetes/so/components/so-appc-orchestrator/values.yaml new file mode 100644 index 0000000000..7570116fd5 --- /dev/null +++ b/kubernetes/so/components/so-appc-orchestrator/values.yaml @@ -0,0 +1,167 @@ +# Copyright © 2020 AT&T USA +# Copyright © 2020 Huawei +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +################################################################# +# Global configuration defaults. +################################################################# + +global: + nodePortPrefix: 302 + nodePortPrefixExt: 304 + repository: nexus3.onap.org:10001 + readinessImage: onap/oom/readiness:3.0.1 + envsubstImage: dibi/envsubst + aafAgentImage: onap/aaf/aaf_agent:2.1.20 + persistence: + mountPath: /dockerdata-nfs + htpasswdImage: xmartlabs/htpasswd + dockerHubRepository: docker.io + security: + aaf: + enabled: false + app: + msoKey: 07a7159d3bf51a0e53be7a8f89699be7 +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-user-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required + - uid: server-actuator-creds + name: '{{ include "common.release" . }}-so-appc-actuator-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}' + login: '{{ .Values.server.actuator.username }}' + password: '{{ .Values.server.actuator.password }}' + passwordPolicy: required + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' + +################################################################# +# Application configuration defaults. +################################################################# +repository: nexus3.onap.org:10001 +image: onap/so/so-appc-orchestrator:1.6.4 +pullPolicy: Always + +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret +server: + actuator: + username: mso_admin + password: password1$ +replicaCount: 1 +minReadySeconds: 10 +containerPort: &containerPort 8080 +logPath: ./logs/soappcorch +app: appc-orchestrator +service: + name: so-appc-orchestrator + type: ClusterIP + ports: + - port: *containerPort + name: http +updateStrategy: + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 +# Resource Limit flavor -By Default using small +flavor: small + + +################################################################# +# soHelper part +################################################################# + +soHelpers: + nameOverride: so-appc-cert-init + certInitializer: + nameOverride: so-appc-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.openStackAdapterPerm + containerPort: *containerPort + +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + memory: 4Gi + cpu: 2000m + requests: + memory: 1Gi + cpu: 500m + large: + limits: + memory: 8Gi + cpu: 4000m + requests: + memory: 2Gi + cpu: 1000m + unlimited: {} +livenessProbe: + path: /manage/health + port: 8083 + scheme: HTTP + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 +ingress: + enabled: false +nodeSelector: {} +tolerations: [] +affinity: {} + +auth: + rest: + encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456 + +mso: + auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4 + basicUser: poBpmn + +appc: + client: + topic: + read: + name: APPC-LCM-WRITE + timeout: 360000 + write: APPC-LCM-READ + sdnc: + read: SDNC-LCM-WRITE + write: SDNC-LCM-READ + response: + timeout: 3600000 + key: VIlbtVl6YLhNUrtU + secret: 64AG2hF4pYeG2pq7CT6XwUOT + service: ueb diff --git a/kubernetes/so/components/so-bpmn-infra/Chart.yaml b/kubernetes/so/components/so-bpmn-infra/Chart.yaml new file mode 100755 index 0000000000..faba23eb16 --- /dev/null +++ b/kubernetes/so/components/so-bpmn-infra/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart for SO Bpmn Infra +name: so-bpmn-infra +version: 6.0.0 diff --git a/kubernetes/so/components/so-bpmn-infra/requirements.yaml b/kubernetes/so/components/so-bpmn-infra/requirements.yaml new file mode 100755 index 0000000000..1feea23842 --- /dev/null +++ b/kubernetes/so/components/so-bpmn-infra/requirements.yaml @@ -0,0 +1,23 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml new file mode 100755 index 0000000000..4429bd9f46 --- /dev/null +++ b/kubernetes/so/components/so-bpmn-infra/resources/config/overrides/override.yaml @@ -0,0 +1,388 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +aai: + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}} + dme2: + timeout: '30000' + endpoint: https://aai.{{ include "common.namespace" . }}:8443 + workflowAaiDistributionDelay: PT30S + pnfEntryNotificationTimeout: P14D +cds: + endpoint: cds-blueprints-processor-grpc + port: 9111 + auth: {{ .Values.cds.auth }} + timeout: 600 +camunda: + bpm: + admin-user: + id: admin + password: admin + history-level: full + job-execution: + max-pool-size: 30 + core-pool-size: 3 +entitymanager: + packagesToScan: com +pnf: + dmaap: + host: message-router + port: 3904 + protocol: http + uriPathPrefix: events + topicName: unauthenticated.PNF_READY + consumerGroup: consumerGroup + consumerId: consumerId + topicListenerDelayInSeconds: 5 +bpelURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081 +msb-ip: msb-iag +msb-port: 80 +mso: + rainyDay: + retryDurationMultiplier: 2 + maxRetries: 5 + msoKey: {{ .Values.mso.key }} + correlation: + timeout: 60 + logPath: logs + config: + cadi: {{ include "so.cadi.keys" . | nindent 8}} + async: + core-pool-size: 50 + max-pool-size: 50 + queue-capacity: 500 + adapters: + completemsoprocess: + endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/CompleteMsoProcess + requestDb: + endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.adapters.requestDb.auth )}} + db: + auth: {{ .Values.mso.adapters.db.auth }} + password: {{ .Values.mso.adapters.db.password }} + endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/services/RequestsDbAdapter + spring: + endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 + network: + endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/NetworkAdapter + rest: + endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/v1/networks + openecomp: + db: + endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/services/RequestsDbAdapter + po: + auth: {{ .Values.mso.adapters.po.auth }} + sdnc: + endpoint: http://so-sdnc-adapter.{{ include "common.namespace" . }}:8086/adapters/SDNCAdapter + rest: + endpoint: http://so-sdnc-adapter.{{ include "common.namespace" . }}:8086/adapters/rest/v1/sdnc + timeout: PT60M + tenant: + endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/TenantAdapter + vnf: + endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/VnfAdapter + rest: + endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/v1/vnfs + volume-groups: + rest: + endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/rest/v1/volume-groups + vnf-async: + endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/VnfAsync + vfc: + rest: + endpoint: http://so-vfc-adapter.{{ include "common.namespace" . }}:8084/services/v1/vfcadapter + workflow: + message: + endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage + nssmf: + endpoint: http://so-nssmf-adapter.{{ include "common.namespace" . }}:8088 + oof: + endpoint: http://so-oof-adapter.{{ include "common.namespace" . }}:8090/so/adapters/oof/v1 + timeout: PT5M + callback: + endpoint: http://so-oof-adapter.{{ include "common.namespace" . }}:8090/so/adapters/oof/callback/v1 + bpmn: + process: + historyTimeToLive: '30' + callbackRetryAttempts: '5' + catalog: + db: + endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082/ecomp/mso/catalog + spring: + endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 + db: + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} + default: + adapter: + namespace: http://org.onap.mso + healthcheck: + log: + debug: 'false' + infra: + endpoint: + url: http://so.{{ include "common.namespace" . }}:8080/onap/so/infra + customer: + id: testCustIdInfra + po: + timeout: PT60M + request: + db: + endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/ + rollback: 'true' + sdnc: + password: {{ .Values.mso.sdnc.password }} + service: + agnostic: + sniro: + endpoint: /sniro/api/v2/placement + host: http://sniro-emulator:80 + site-name: CamundaEngine + sniro: + auth: {{ .Values.mso.sniro.auth }} + callback: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/adapters/rest/SDNCNotify + endpoint: {{ .Values.mso.sniro.endpoint }} + timeout: PT30M + oof: + auth: {{ .Values.mso.oof.auth }} + callbackEndpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage + endpoint: https://oof-osdf.{{ include "common.namespace" . }}:8698 + timeout: PT30M + workflow: + CreateGenericVNFV1: + aai: + volume-group: + uri: /aai/v6/cloud-infrastructure/volume-groups/volume-group + default: + aai: + version: '14' + cloud-region: + version: '14' + generic-vnf: + version: '14' + v14: + customer: + uri: /aai/v14/business/customers/customer + generic-query: + uri: /aai/v14/search/generic-query + generic-vnf: + uri: /aai/v14/network/generic-vnfs/generic-vnf + l3-network: + uri: /aai/v14/network/l3-networks/l3-network + network-policy: + uri: /aai/v14/network/network-policies/network-policy + nodes-query: + uri: /aai/v14/search/nodes-query + route-table-reference: + uri: /aai/v14/network/route-table-references/route-table-reference + tenant: + uri: /aai/v14/cloud-infrastructure/cloud-regions/cloud-region/CloudOwner/RegionOne/tenants/tenant + vce: + uri: /aai/v14/network/vces/vce + vpn-binding: + uri: /aai/v14/network/vpn-bindings/vpn-binding + sp-partner: + uri: /aai/v14/business/sp-partners/sp-partner + device: + uri: /aai/v14/network/devices/device + v11: + customer: + uri: /aai/v11/business/customers/customer + generic-query: + uri: /aai/v11/search/generic-query + generic-vnf: + uri: /aai/v11/network/generic-vnfs/generic-vnf + l3-network: + uri: /aai/v11/network/l3-networks/l3-network + network-policy: + uri: /aai/v11/network/network-policies/network-policy + nodes-query: + uri: /aai/v11/search/nodes-query + route-table-reference: + uri: /aai/v11/network/route-table-references/route-table-reference + tenant: + uri: /aai/v11/cloud-infrastructure/cloud-regions/cloud-region/CloudOwner/RegionOne/tenants/tenant + vce: + uri: /aai/v11/network/vces/vce + vpn-binding: + uri: /aai/v11/network/vpn-bindings/vpn-binding + v8: + configuration: + uri: /aai/v11/network/configurations/configuration + customer: + uri: /aai/v8/business/customers/customer + generic-query: + uri: /aai/v8/search/generic-query + l3-network: + uri: /aai/v8/network/l3-networks/l3-network + network-policy: + uri: /aai/v8/network/network-policies/network-policy + nodes-query: + uri: /aai/v8/search/nodes-query + route-table-reference: + uri: /aai/v8/network/route-table-references/route-table-reference + tenant: + uri: /aai/v8/cloud-infrastructure/cloud-regions/cloud-region/CloudOwner/RegionOne/tenants/tenant + vce: + uri: /aai/v8/network/vces/vce + vpn-binding: + uri: /aai/v8/network/vpn-bindings/vpn-binding + v9: + cloud-region: + uri: /aai/v9/cloud-infrastructure/cloud-regions/cloud-region/CloudOwner + generic-vnf: + uri: /aai/v9/network/generic-vnfs/generic-vnf + retry: + attempts: '1' + deleteCinderVolumeV1: + aai: + volume-group: + uri: /aai/v6/cloud-infrastructure/volume-groups/volume-group + global: + default: + aai: + namespace: http://org.onap.aai.inventory/ + version: 14 + message: + endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage + notification: + name: GenericNotificationServiceATT + sdnc: + replication: + delay: PT60S + sdncadapter: + callback: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/SDNCAdapterCallbackService + vnfadapter: + create: + callback: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/vnfAdapterNotify + delete: + callback: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/vnfAdapterNotify + query: + callback: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/vnfAdapterNotify + rollback: + callback: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/vnfAdapterNotify + use: + qualified: + host: false + global: + dmaap: + username: testuser + password: alRyMzJ3NUNeakxl + host: http://10.42.111.36:904 + publisher: + topic: replaceme + naming: + endpoint: http://naming.demo.onap.com:8081/web/service/v1/genNetworkElementName + auth: Basic bTA0NzY4QG5vbi1wcm9kLm1zby5lY29tcC5hdHQuY29tOkF0dG0wNDc2OExpZmUhQA== +policy: + auth: Basic dGVzdHBkcDphbHBoYTEyMw== + default: + disposition: Skip + client: + auth: Basic bTAzNzQzOnBvbGljeVIwY2sk + endpoint: http://pdp.{{ include "common.namespace" . }}:8081/pdp/api/ + environment: TEST +sdnc: + auth: Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ== + host: http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }} + path: /restconf/operations/GENERIC-RESOURCE-API + si: + svc: + types: PORT-MIRROR,PPROBE + dmaap: + host: http://message-router.{{ include "common.namespace" . }}:3904 + timeout: 30000 + lcm: + path: '/restconf/operations/LCM:' + actionTimeout: 300000 + dmapp: + readTopic: SDNC-LCM-WRITE + writeTopic: SDNC-LCM-READ +appc: + client: + topic: + read: + name: APPC-LCM-WRITE + timeout: 360000 + write: APPC-LCM-READ + sdnc: + read: SDNC-LCM-WRITE + write: SDNC-LCM-READ + response: + timeout: 360000 + key: VIlbtVl6YLhNUrtU + secret: 64AG2hF4pYeG2pq7CT6XwUOT + service: ueb + poolMembers: message-router.{{ include "common.namespace" . }}:3904,message-router.{{ include "common.namespace" . }}:3904 +sniro: + conductor: + enabled: true + host: http://sniro-emulator:80 + uri: /v1/release-orders + headers.auth: Basic dGVzdDp0ZXN0cHdk + manager: + timeout: PT30M + host: http://sniro-emulator:80 + uri.v1: /sniro/api/v2/placement + uri.v2: /sniro/api/placement/v2 + headers.auth: Basic dGVzdDp0ZXN0cHdk + headers.patchVersion: 1 + headers.minorVersion: 1 + headers.latestVersion: 2 +server: + port: {{ index .Values.containerPort }} + tomcat: + max-threads: 50 +spring: + datasource: + hikari: + jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/camundabpmn + username: ${DB_USERNAME} + password: ${DB_PASSWORD} + driver-class-name: org.mariadb.jdbc.Driver + pool-name: bpmn-pool + registerMbeans: true + security: + usercredentials: + - + username: apihBpmn + password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' + role: BPMN-Client + - + username: sdncaBpmn + password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' + role: BPMN-Client + - + username: poBpmn + password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' + role: BPMN-Client + - + username: wmaBpmn + password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' + role: BPMN-Client + - + username: sniro + password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' + role: SNIRO-Client + - + username: mso_admin + password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' + role: ACTUATOR +so: + vnfm: + adapter: + url: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1/ + auth: {{ .Values.so.vnfm.adapter.auth }} +org: + onap: + so: + cloud-owner: CloudOwner diff --git a/kubernetes/so/components/so-bpmn-infra/templates/configmap.yaml b/kubernetes/so/components/so-bpmn-infra/templates/configmap.yaml new file mode 100755 index 0000000000..747941610f --- /dev/null +++ b/kubernetes/so/components/so-bpmn-infra/templates/configmap.yaml @@ -0,0 +1,49 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +data: + LOG_PATH: {{ index .Values.logPath }} + APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-app-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} + diff --git a/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml b/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml new file mode 100755 index 0000000000..de76901865 --- /dev/null +++ b/kubernetes/so/components/so-bpmn-infra/templates/deployment.yaml @@ -0,0 +1,140 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} +spec: + selector: + matchLabels: + app: {{ include "common.name" . }} + replicas: {{ index .Values.replicaCount }} + minReadySeconds: {{ index .Values.minReadySeconds }} + strategy: + type: {{ index .Values.updateStrategy.type }} + rollingUpdate: + maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ index .Values.updateStrategy.maxSurge }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + spec: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} + - command: + - /app/ready.py + args: + - --job-name + - {{ include "common.release" . }}-so-mariadb-config-job + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + containers: + - name: {{ include "common.name" . }} + image: {{ include "common.repository" . }}/{{ .Values.image }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password}" + {{- end }} + /app/start-app.sh + {{- end }} + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-so-db-secrets + key: mariadb.readwrite.host + - name: DB_PORT + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-so-db-secrets + key: mariadb.readwrite.port + - name: DB_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} + - name: DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} + - name: DB_ADMIN_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} + - name: DB_ADMIN_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} + {{ include "so.certificates.env" . | indent 8 | trim }} + envFrom: + - configMapRef: + name: {{ include "common.fullname" . }}-configmap + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} + - name: logs + mountPath: /app/logs + - name: config + mountPath: /app/config + readOnly: true + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap +{{ include "so.helpers.livenessProbe" .| indent 8 }} + ports: + - containerPort: {{ index .Values.containerPort }} + name: {{ .Values.service.portName }} + protocol: TCP + # Filebeat sidecar container + - name: {{ include "common.name" . }}-filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-filebeat-conf + mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + - name: {{ include "common.fullname" . }}-data-filebeat + mountPath: /usr/share/filebeat/data + - name: logs + mountPath: /var/log/onap/so + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} + - name: logs + emptyDir: {} + - name: config + configMap: + name: {{ include "common.fullname" . }}-app-configmap + - name: {{ include "common.fullname" . }}-log-conf + configMap: + name: {{ include "common.fullname" . }}-log + - name: {{ include "common.fullname" . }}-filebeat-conf + configMap: + name: {{ .Release.Name }}-so-filebeat-configmap + - name: {{ include "common.fullname" . }}-data-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/components/so-bpmn-infra/templates/secret.yaml b/kubernetes/so/components/so-bpmn-infra/templates/secret.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/so/components/so-bpmn-infra/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/components/so-bpmn-infra/templates/service.yaml b/kubernetes/so/components/so-bpmn-infra/templates/service.yaml new file mode 100755 index 0000000000..6711c3b2e7 --- /dev/null +++ b/kubernetes/so/components/so-bpmn-infra/templates/service.yaml @@ -0,0 +1,38 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} diff --git a/kubernetes/so/components/so-bpmn-infra/values.yaml b/kubernetes/so/components/so-bpmn-infra/values.yaml new file mode 100755 index 0000000000..b6f315aa3d --- /dev/null +++ b/kubernetes/so/components/so-bpmn-infra/values.yaml @@ -0,0 +1,164 @@ +# Copyright © 2018 AT&T USA +# Copyright © 2020 Huawei +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + nodePortPrefixExt: 304 + repository: nexus3.onap.org:10001 + readinessImage: onap/oom/readiness:3.0.1 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 + envsubstImage: dibi/envsubst + persistence: + mountPath: /dockerdata-nfs + #This configuration specifies Service and port for SDNC OAM interface + sdncOamService: sdnc-oam + sdncOamPort: 8282 + security: + aaf: + enabled: false + aaf: + auth: + encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456 + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-user-creds + name: '{{ include "common.release" . }}-so-bpmn-infra-db-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + name: '{{ include "common.release" . }}-so-bpmn-infra-db-admin-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' + + + +################################################################# +# Application configuration defaults. +################################################################# +repository: nexus3.onap.org:10001 +image: onap/so/bpmn-infra:1.6.4 +pullPolicy: Always + +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret + +aai: + auth: 221187EFA3AD4E33600DE0488F287099934CE65C3D0697BCECC00BB58E784E07CD74A24581DC31DBC086FF63DF116378776E9BE3D1325885 + +cds: + auth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw== + +mso: + key: 07a7159d3bf51a0e53be7a8f89699be7 + adapters: + requestDb: + auth: Basic YnBlbDpwYXNzd29yZDEk + db: + auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF + password: wLg4sjrAFUS8rfVfdvTXeQ== + po: + auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF + sdnc: + password: 1D78CFC35382B6938A989066A7A7EAEF4FE933D2919BABA99EB4763737F39876C333EE5F + sniro: + auth: test:testpwd + oof: + auth: test:testpwd +so: + vnfm: + adapter: + auth: Basic dm5mbTpwYXNzd29yZDEk +sniro: + endpoint: http://replaceme:28090/optimizationInstance/V1/create + +replicaCount: 1 +minReadySeconds: 10 +containerPort: &containerPort 8081 +logPath: ./logs/bpmn/ +app: so-bpmn-infra +service: + type: ClusterIP + internalPort: *containerPort + externalPort: 8081 + portName: so-bpmn-port +updateStrategy: + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 + +################################################################# +# soHelper part +################################################################# +soHelpers: + nameOverride: so-bpmn-cert-init + certInitializer: + nameOverride: so-bpmn-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.bpmnPerm + containerPort: *containerPort + + +# Resource Limit flavor -By Default using small +flavor: large +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + memory: 4Gi + cpu: 2000m + requests: + memory: 1Gi + cpu: 500m + large: + limits: + memory: 8Gi + cpu: 4000m + requests: + memory: 2Gi + cpu: 1000m + unlimited: {} +livenessProbe: + path: /manage/health + scheme: HTTP + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 +ingress: + enabled: false +nodeSelector: {} +tolerations: [] +affinity: {} diff --git a/kubernetes/so/components/so-catalog-db-adapter/Chart.yaml b/kubernetes/so/components/so-catalog-db-adapter/Chart.yaml new file mode 100755 index 0000000000..8c5a846df9 --- /dev/null +++ b/kubernetes/so/components/so-catalog-db-adapter/Chart.yaml @@ -0,0 +1,17 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +description: A Helm chart for so-catalog-db-adapter +name: so-catalog-db-adapter +version: 6.0.0
\ No newline at end of file diff --git a/kubernetes/so/components/so-catalog-db-adapter/requirements.yaml b/kubernetes/so/components/so-catalog-db-adapter/requirements.yaml new file mode 100755 index 0000000000..1feea23842 --- /dev/null +++ b/kubernetes/so/components/so-catalog-db-adapter/requirements.yaml @@ -0,0 +1,23 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/components/so-catalog-db-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-catalog-db-adapter/resources/config/overrides/override.yaml new file mode 100755 index 0000000000..f267d86b29 --- /dev/null +++ b/kubernetes/so/components/so-catalog-db-adapter/resources/config/overrides/override.yaml @@ -0,0 +1,101 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +server: + port: {{ index .Values.containerPort }} + tomcat: + max-threads: 50 +ssl-enable: false +mso: + logPath: logs + site-name: onapheat + config: + cadi: {{ include "so.cadi.keys" . | nindent 8}} + catalog: + db: + spring: + endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 + db: + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.db.auth )}} +spring: + datasource: + hikari: + jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/catalogdb + username: ${DB_USERNAME} + password: ${DB_PASSWORD} + driver-class-name: org.mariadb.jdbc.Driver + pool-name: catdb-pool + registerMbeans: true + security: + usercredentials: + - + username: bpel + password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' + role: BPEL-Client + - + username: mso_admin + password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' + role: ACTUATOR +#Actuator +management: + context-path: /manage +cloud_config: + identity_services: + RAX_KEYSTONE: + identity_url: "https://identity.api.rackspacecloud.com/v2.0" + mso_id: "RACKSPACE_ACCOUNT_ID" + mso_pass: "RACKSPACE_ACCOUNT_APIKEY" + admin_tenant: "{{ .Values.config.openStackServiceTenantName }}" + member_role: "admin" + tenant_metadata: true + identity_server_type: "KEYSTONE" + identity_authentication_type: "RACKSPACE_APIKEY" + project_domain_name: "PROJECT_DOMAIN_NAME" + user_domain_name: "USER_DOMAIN_NAME" + DEFAULT_KEYSTONE: + identity_url: "{{ .Values.config.openStackKeyStoneUrl }}" + mso_id: "{{ .Values.config.openStackUserName }}" + mso_pass: "{{ .Values.config.openStackEncryptedPasswordHere }}" + admin_tenant: "{{ .Values.config.openStackServiceTenantName }}" + member_role: "admin" + tenant_metadata: true + identity_server_type: "{{ .Values.config.openStackKeystoneVersion }}" + identity_authentication_type: "USERNAME_PASSWORD" + project_domain_name: "{{ .Values.config.openStackProjectDomainName }}" + user_domain_name: "{{ .Values.config.openStackUserDomainName }}" + cloud_sites: + Dallas: + region_id: "DFW" + clli: "DFW" + aic_version: "2.5" + identity_service_id: "RAX_KEYSTONE" + Northern Virginia: + region_id: "IAD" + clli: "IAD" + aic_version: "2.5" + identity_service_id: "RAX_KEYSTONE" + Chicago: + region_id: "ORD" + clli: "ORD" + aic_version: "2.5" + identity_service_id: "RAX_KEYSTONE" + RegionOne: + region_id: "RegionOne" + clli: "RegionOne" + aic_version: "2.5" + identity_service_id: "DEFAULT_KEYSTONE" + DEFAULT: + region_id: "{{ .Values.config.openStackRegion }}" + clli: "{{ .Values.config.openStackRegion }}" + aic_version: "2.5" + identity_service_id: "DEFAULT_KEYSTONE" diff --git a/kubernetes/so/components/so-catalog-db-adapter/templates/configmap.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/configmap.yaml new file mode 100755 index 0000000000..d351be32fc --- /dev/null +++ b/kubernetes/so/components/so-catalog-db-adapter/templates/configmap.yaml @@ -0,0 +1,40 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +data: + LOG_PATH: {{ index .Values.logPath }} + APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-app-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} diff --git a/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml new file mode 100755 index 0000000000..159d2e7f13 --- /dev/null +++ b/kubernetes/so/components/so-catalog-db-adapter/templates/deployment.yaml @@ -0,0 +1,114 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} +spec: + selector: + matchLabels: + app: {{ include "common.name" . }} + replicas: {{ index .Values.replicaCount }} + minReadySeconds: {{ index .Values.minReadySeconds }} + strategy: + type: {{ index .Values.updateStrategy.type }} + rollingUpdate: + maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ index .Values.updateStrategy.maxSurge }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + spec: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} + - command: + - /app/ready.py + args: + - --job-name + - {{ include "common.release" . }}-so-mariadb-config-job + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + containers: + - name: {{ include "common.name" . }} + image: {{ include "common.repository" . }}/{{ .Values.image }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password}" + {{- end }} + /app/start-app.sh + {{- end }} + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-so-db-secrets + key: mariadb.readwrite.host + - name: DB_PORT + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-so-db-secrets + key: mariadb.readwrite.port + - name: DB_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} + - name: DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} + - name: DB_ADMIN_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} + - name: DB_ADMIN_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} + {{ include "so.certificates.env" . | indent 8 | trim }} + envFrom: + - configMapRef: + name: {{ include "common.fullname" . }}-configmap + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} + - name: logs + mountPath: /app/logs + - name: config + mountPath: /app/config + readOnly: true +{{ include "so.helpers.livenessProbe" .| indent 8 }} + ports: + - containerPort: {{ index .Values.containerPort }} + name: {{ .Values.service.portName }} + protocol: TCP + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} + - name: logs + emptyDir: {} + - name: config + configMap: + name: {{ include "common.fullname" . }}-app-configmap + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/components/so-catalog-db-adapter/templates/secret.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/secret.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/so/components/so-catalog-db-adapter/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/components/so-catalog-db-adapter/templates/service.yaml b/kubernetes/so/components/so-catalog-db-adapter/templates/service.yaml new file mode 100755 index 0000000000..6711c3b2e7 --- /dev/null +++ b/kubernetes/so/components/so-catalog-db-adapter/templates/service.yaml @@ -0,0 +1,38 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} diff --git a/kubernetes/so/components/so-catalog-db-adapter/values.yaml b/kubernetes/so/components/so-catalog-db-adapter/values.yaml new file mode 100755 index 0000000000..2fadf41e01 --- /dev/null +++ b/kubernetes/so/components/so-catalog-db-adapter/values.yaml @@ -0,0 +1,148 @@ +# Copyright © 2018 AT&T USA +# Copyright © 2020 Huawei +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + nodePortPrefixExt: 304 + repository: nexus3.onap.org:10001 + readinessImage: onap/oom/readiness:3.0.1 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 + envsubstImage: dibi/envsubst + persistence: + mountPath: /dockerdata-nfs + security: + aaf: + enabled: false + aaf: + auth: + header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= + app: + msoKey: 07a7159d3bf51a0e53be7a8f89699be7 + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-user-creds + name: '{{ include "common.release" . }}-so-catalog-db-adapter-db-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + name: '{{ include "common.release" . }}-so-catalog-db-adapter-db-admin-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' + +################################################################# +# Application configuration defaults. +################################################################# +repository: nexus3.onap.org:10001 +image: onap/so/catalog-db-adapter:1.6.4 +pullPolicy: Always + +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret + +mso: + adapters: + db: + auth: Basic YnBlbDpwYXNzd29yZDEk + +replicaCount: 1 +minReadySeconds: 10 +containerPort: &containerPort 8082 +logPath: ./logs/catdb/ +app: catalog-db-adapter +service: + type: ClusterIP + internalPort: *containerPort + externalPort: *containerPort + portName: so-catdb-port +updateStrategy: + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 + +################################################################# +# soHelper part +################################################################# +soHelpers: + nameOverride: so-catalogdb-cert-init + certInitializer: + nameOverride: so-catalogdb-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.catalogDbAdapterPerm + containerPort: *containerPort + +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + memory: 4Gi + cpu: 2000m + requests: + memory: 1Gi + cpu: 500m + large: + limits: + memory: 8Gi + cpu: 4000m + requests: + memory: 2Gi + cpu: 1000m + unlimited: {} +livenessProbe: + path: /manage/health + port: 8082 + scheme: HTTP + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 +ingress: + enabled: false +config: + openStackUserName: "vnf_user" + openStackRegion: "RegionOne" + openStackKeyStoneUrl: "http://1.2.3.4:5000/v2.0" + openStackServiceTenantName: "service" + openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e" + openStackTenantId: "d570c718cbc545029f40e50b75eb13df" + openStackProjectDomainName: "openStackProjectDomainName" + openStackUserDomainName: "openStackUserDomainName" + # "KEYSTONE" for keystone v2, "KEYSTONE_V3" for keystone v3 + openStackKeystoneVersion: "KEYSTONE" +nodeSelector: {} +tolerations: [] +affinity: {} diff --git a/kubernetes/so/components/so-db-secrets/Chart.yaml b/kubernetes/so/components/so-db-secrets/Chart.yaml new file mode 100755 index 0000000000..1739d1fe36 --- /dev/null +++ b/kubernetes/so/components/so-db-secrets/Chart.yaml @@ -0,0 +1,17 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +description: A Helm chart for DB secrets +name: so-db-secrets +version: 6.0.0
\ No newline at end of file diff --git a/kubernetes/so/components/so-db-secrets/requirements.yaml b/kubernetes/so/components/so-db-secrets/requirements.yaml new file mode 100755 index 0000000000..2eb32d00ed --- /dev/null +++ b/kubernetes/so/components/so-db-secrets/requirements.yaml @@ -0,0 +1,20 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' diff --git a/kubernetes/so/components/so-db-secrets/templates/secrets.yaml b/kubernetes/so/components/so-db-secrets/templates/secrets.yaml new file mode 100755 index 0000000000..d636fad4a7 --- /dev/null +++ b/kubernetes/so/components/so-db-secrets/templates/secrets.yaml @@ -0,0 +1,31 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.release" . }}-so-db-secrets + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: + mariadb.readwrite.host : {{ .Values.global.mariadbGalera.serviceName | b64enc | quote }} + mariadb.readwrite.port : {{ .Values.global.mariadbGalera.servicePort | b64enc | quote }} + mariadb.readwrite.rolename: {{ .Values.db_username | b64enc | quote }} + mariadb.readwrite.password: {{ .Values.db_password | b64enc | quote }} + mariadb.admin.rolename: {{ .Values.db_admin_username| b64enc | quote }} + mariadb.admin.password: {{ .Values.db_admin_password | b64enc | quote }} +type: Opaque diff --git a/kubernetes/so/components/so-db-secrets/values.yaml b/kubernetes/so/components/so-db-secrets/values.yaml new file mode 100644 index 0000000000..7e51e3ce5d --- /dev/null +++ b/kubernetes/so/components/so-db-secrets/values.yaml @@ -0,0 +1,21 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +global: + mariadbGalera: + serviceName: mariadb-galera + servicePort: "3306" +db_admin_username: so_admin +db_admin_password: so_Admin123 +db_username: so_user +db_password: so_User123 diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/Chart.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/Chart.yaml new file mode 100644 index 0000000000..c4fb9a49d5 --- /dev/null +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP SO ETSI NFVO NS LCM +name: so-etsi-nfvo-ns-lcm +version: 6.0.0 diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/requirements.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/requirements.yaml new file mode 100755 index 0000000000..1feea23842 --- /dev/null +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/requirements.yaml @@ -0,0 +1,23 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml new file mode 100644 index 0000000000..64fd243a27 --- /dev/null +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/resources/config/overrides/override.yaml @@ -0,0 +1,47 @@ +# Copyright © 2020 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +aai: + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}} + version: v19 + endpoint: https://aai.{{ include "common.namespace" . }}:8443 +spring: + security: + usercredentials: + - username: ${ETSI_NFVO_USERNAME} + password: ${ETSI_NFVO_PASSWORD} + role: ETSI-NFVO-Client +server: + port: {{ .Values.containerPort }} + tomcat: + max-threads: 50 +mso: + key: {{ .Values.mso.key }} +so: + adapters: + sol003-adapter: + url: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1 + auth: {{ .Values.so.sol003.adapter.auth }} +etsi-catalog-manager: + base: + {{- if .Values.global.msbEnabled }} + endpoint: https://msb-iag:443/api + http: + client: + ssl: + trust-store: ${TRUSTSTORE} + trust-store-password: ${TRUSTSTORE_PASSWORD} + {{- else }} + endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api + {{- end }} diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/configmap.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/configmap.yaml new file mode 100644 index 0000000000..97f7d4e71d --- /dev/null +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/configmap.yaml @@ -0,0 +1,41 @@ +# Copyright © 2020 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: + LOG_PATH: {{ index .Values.logPath }} + APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-app-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml new file mode 100644 index 0000000000..fbba76f13f --- /dev/null +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/deployment.yaml @@ -0,0 +1,86 @@ +# Copyright © 2020 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ index .Values.replicaCount }} + minReadySeconds: {{ index .Values.minReadySeconds }} + strategy: + type: {{ index .Values.updateStrategy.type }} + rollingUpdate: + maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ index .Values.updateStrategy.maxSurge }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }} + containers: + - name: {{ include "common.name" . }} + command: + - sh + args: + - -c + - | + export ETSI_NFVO_PASSWORD=`htpasswd -bnBC 10 "" $ETSI_NFVO_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'` + {{- if .Values.global.aafEnabled }} + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password}" + {{- end }} + {{- end }} + ./start-app.sh + image: {{ include "common.repository" . }}/{{ .Values.image }} + resources: {{ include "common.resources" . | nindent 12 }} + env: + - name: ETSI_NFVO_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "login") | indent 14 }} + - name: ETSI_NFVO_PASSWORD_INPUT + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "etsi-nfvo-nslcm-creds" "key" "password") | indent 14 }} + {{ include "so.certificates.env" . | indent 12 | trim }} + envFrom: + - configMapRef: + name: {{ include "common.fullname" . }}-configmap + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }} + - name: logs + mountPath: /app/logs + - name: config + mountPath: /app/config + readOnly: true + - name: {{ include "common.fullname" . }}-truststore + mountPath: /app/client + readonly: true + livenessProbe: + tcpSocket: + port: {{ index .Values.livenessProbe.port }} + initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} + periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} + successThreshold: {{ index .Values.livenessProbe.successThreshold}} + failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} + ports: {{ include "common.containerPorts" . | nindent 12 }} + volumes: {{ include "so.certificate.volumes" . | nindent 8 }} + - name: logs + emptyDir: {} + - name: config + configMap: + name: {{ include "common.fullname" . }}-app-configmap + - name: {{ include "common.fullname" . }}-truststore + secret: + secretName: {{ include "common.release" . }}-so-truststore-secret + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/ingress.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/ingress.yaml new file mode 100644 index 0000000000..443e76b76e --- /dev/null +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/ingress.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.ingress" . }} diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/secret.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/secret.yaml new file mode 100644 index 0000000000..493cfe5f88 --- /dev/null +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/service.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/service.yaml new file mode 100644 index 0000000000..a1290de24b --- /dev/null +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/templates/service.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }} diff --git a/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml new file mode 100644 index 0000000000..79a8276df4 --- /dev/null +++ b/kubernetes/so/components/so-etsi-nfvo-ns-lcm/values.yaml @@ -0,0 +1,146 @@ +# Copyright © 2020 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefixExt: 304 + repository: nexus3.onap.org:10001 + readinessImage: onap/oom/readiness:3.0.1 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 + envsubstImage: dibi/envsubst + persistence: + mountPath: /dockerdata-nfs + security: + aaf: + enabled: false + aaf: + auth: + header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: etsi-nfvo-nslcm-creds + name: '{{ include "common.release" . }}-so-etsi-nfvo-nslcm-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.etsi.nfvo.nslcm.credsExternalSecret) . }}' + login: '{{ .Values.etsi.nfvo.nslcm.username }}' + password: '{{ .Values.etsi.nfvo.nslcm.password }}' + +################################################################# +# Application configuration defaults. +################################################################# +repository: nexus3.onap.org:10001 +image: onap/so/so-etsi-nfvo-ns-lcm:1.7.4 +pullPolicy: Always + +aai: + auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 +etsi: + nfvo: + nslcm: + username: so-etsi-nfvo-ns-lcm +mso: + key: 07a7159d3bf51a0e53be7a8f89699be7 +so: + sol003: + adapter: + auth: Basic dm5mbTpwYXNzd29yZDEk + +replicaCount: 1 +minReadySeconds: 10 +containerPort: &containerPort 9095 +logPath: ./logs/so-etsi-nfvo-ns-lcm/ +app: so-etsi-nfvo-ns-lcm +service: + type: ClusterIP + name: so-etsi-nfvo-ns-lcm + annotations: + service.alpha.kubernetes.io/tolerate-unready-endpoints: 'true' + msb.onap.org/service-info: | + {{ if not .Values.global.msbDisabled -}}[ + { + "serviceName": "{{ include "common.servicename" . }}", + "version": "v1", + "url": "/so/so-etsi-nfvo-ns-lcm/v1", + "protocol": "REST", + "port": "{{ include "common.getPort" (dict "global" . "name" "nfvo-nslcm-port") }}", + "visualRange":"1" + } + ]{{ end }} + ports: + - name: http-api + port: *containerPort +updateStrategy: + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 + +################################################################# +# soHelpers part +################################################################# +soHelpers: + nameOverride: so-nfvo-cert-init + certInitializer: + nameOverride: so-nfvo-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.nfvoAdapterPerm + containerPort: *containerPort + +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + memory: 4Gi + cpu: 2000m + requests: + memory: 1Gi + cpu: 500m + large: + limits: + memory: 8Gi + cpu: 4000m + requests: + memory: 2Gi + cpu: 1000m + unlimited: {} + +livenessProbe: + port: 9095 + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + +ingress: + enabled: false + service: + - baseaddr: 'soetsinfvonslcm' + name: 'so-etsi-nfvo-ns-lcm' + port: 9095 + config: + ssl: 'redirect' + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/kubernetes/so/components/so-mariadb/Chart.yaml b/kubernetes/so/components/so-mariadb/Chart.yaml new file mode 100755 index 0000000000..2c6f0278b0 --- /dev/null +++ b/kubernetes/so/components/so-mariadb/Chart.yaml @@ -0,0 +1,17 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +description: MariaDB Service +name: so-mariadb +version: 6.0.0
\ No newline at end of file diff --git a/kubernetes/so/components/so-mariadb/requirements.yaml b/kubernetes/so/components/so-mariadb/requirements.yaml new file mode 100755 index 0000000000..2eb32d00ed --- /dev/null +++ b/kubernetes/so/components/so-mariadb/requirements.yaml @@ -0,0 +1,20 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' diff --git a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/01-create-camundabpmn.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/01-create-camundabpmn.sh new file mode 100755 index 0000000000..08adb4a407 --- /dev/null +++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/01-create-camundabpmn.sh @@ -0,0 +1,40 @@ +#!/bin/sh +# +# ============LICENSE_START========================================== +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END============================================ +# +# ECOMP and OpenECOMP are trademarks +# and service marks of AT&T Intellectual Property. +# + +echo "Creating camundabpmn database . . ." 1>/tmp/mariadb-camundabpmn.log 2>&1 + +mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1 +DROP DATABASE IF EXISTS camundabpmn; +CREATE DATABASE camundabpmn; +DROP USER IF EXISTS '${CAMUNDA_DB_USER}'; +CREATE USER '${CAMUNDA_DB_USER}'; +GRANT ALL on camundabpmn.* to '${CAMUNDA_DB_USER}' identified by '${CAMUNDA_DB_PASSWORD}' with GRANT OPTION; +FLUSH PRIVILEGES; +EOF + +cd /docker-entrypoint-initdb.d/db-sql-scripts + +mysql -uroot -p$MYSQL_ROOT_PASSWORD -f < mariadb_engine_7.10.0.sql || exit 1 +mysql -uroot -p$MYSQL_ROOT_PASSWORD -f < mariadb_identity_7.10.0.sql || exit 1 + +echo "Created camundabpmn database . . ." 1>>/tmp/mariadb-camundabpmn.log 2>&1 diff --git a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/02-create-requestdb.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/02-create-requestdb.sh new file mode 100755 index 0000000000..0f404466ca --- /dev/null +++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/02-create-requestdb.sh @@ -0,0 +1,35 @@ +#!/bin/sh +# +# ============LICENSE_START========================================== +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END============================================ +# +# ECOMP and OpenECOMP are trademarks +# and service marks of AT&T Intellectual Property. +# + +echo "Creating requestdb database . . ." 1>/tmp/mariadb-requestdb.log 2>&1 + +mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1 +DROP DATABASE IF EXISTS requestdb; +CREATE DATABASE /*!32312 IF NOT EXISTS*/ requestdb /*!40100 DEFAULT CHARACTER SET latin1 */; +DROP USER IF EXISTS '${REQUEST_DB_USER}'; +CREATE USER '${REQUEST_DB_USER}'; +GRANT ALL on requestdb.* to '${REQUEST_DB_USER}' identified by '${REQUEST_DB_PASSWORD}' with GRANT OPTION; +FLUSH PRIVILEGES; +EOF + +echo "Created requestdb database . . ." 1>>/tmp/mariadb-requestdb.log 2>&1 diff --git a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/03-create-catalogdb.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/03-create-catalogdb.sh new file mode 100755 index 0000000000..3115ec6199 --- /dev/null +++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/03-create-catalogdb.sh @@ -0,0 +1,35 @@ +#!/bin/sh +# +# ============LICENSE_START========================================== +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END============================================ +# +# ECOMP and OpenECOMP are trademarks +# and service marks of AT&T Intellectual Property. +# + +echo "Creating catalogdb database . . ." 1>/tmp/mariadb-catalogdb.log 2>&1 + +mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1 +DROP DATABASE IF EXISTS catalogdb; +CREATE DATABASE /*!32312 IF NOT EXISTS*/ catalogdb /*!40100 DEFAULT CHARACTER SET latin1 */; +DROP USER IF EXISTS '${CATALOG_DB_USER}'; +CREATE USER '${CATALOG_DB_USER}'; +GRANT ALL on catalogdb.* to '${CATALOG_DB_USER}' identified by '${CATALOG_DB_PASSWORD}' with GRANT OPTION; +FLUSH PRIVILEGES; +EOF + +echo "Created catalogdb database . . ." 1>>/tmp/mariadb-catalogdb.log 2>&1 diff --git a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/04-create-nfvo-db.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/04-create-nfvo-db.sh new file mode 100755 index 0000000000..3ed03aa0b9 --- /dev/null +++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/04-create-nfvo-db.sh @@ -0,0 +1,37 @@ +#!/bin/sh +# ============LICENSE_START======================================================= +# Copyright (C) 2020 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +echo "Creating nfvo database . . ." 1>/tmp/mariadb-nfvodb.log 2>&1 + +prepare_password() +{ + echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g" +} + +NFVO_DB_PASSWORD=`prepare_password $NFVO_DB_PASSWORD` + +mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1 +CREATE DATABASE /*!32312 IF NOT EXISTS*/ nfvo /*!40100 DEFAULT CHARACTER SET latin1 */; +DROP USER IF EXISTS '${NFVO_DB_USER}'; +CREATE USER '${NFVO_DB_USER}'; +GRANT ALL on nfvo.* to '${NFVO_DB_USER}' identified by '${NFVO_DB_PASSWORD}' with GRANT OPTION; +FLUSH PRIVILEGES; +EOF + +echo "Created nfvo database . . ." 1>>/tmp/mariadb-nfvodb.log 2>&1 diff --git a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh new file mode 100755 index 0000000000..05b1ff70cf --- /dev/null +++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/98-create-so-user.sh @@ -0,0 +1,44 @@ +#!/bin/sh +# +# ============LICENSE_START========================================== +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END============================================ +# +# ECOMP and OpenECOMP are trademarks +# and service marks of AT&T Intellectual Property. +# + +echo "Creating so user . . ." 1>/tmp/mariadb-so-user.log 2>&1 + +prepare_password() +{ + echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g" +} + +DB_PASSWORD=`prepare_password $DB_PASSWORD` + +mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1 +DROP USER IF EXISTS '${DB_USER}'; +CREATE USER '${DB_USER}'; +GRANT USAGE ON *.* TO '${DB_USER}'@'%' IDENTIFIED BY '${DB_PASSWORD}'; +GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON requestdb.* TO '${DB_USER}'@'%'; +GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON catalogdb.* TO '${DB_USER}'@'%'; +GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON camundabpmn.* TO '${DB_USER}'@'%'; +GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON nfvo.* TO '${DB_USER}'@'%'; +FLUSH PRIVILEGES; +EOF + +echo "Created so user . . ." 1>>/tmp/mariadb-so-user.log 2>&1 diff --git a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh new file mode 100755 index 0000000000..593739e1cf --- /dev/null +++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/99-create-so-admin.sh @@ -0,0 +1,44 @@ +#!/bin/sh +# +# ============LICENSE_START========================================== +# =================================================================== +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# =================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END============================================ +# +# ECOMP and OpenECOMP are trademarks +# and service marks of AT&T Intellectual Property. +# + +echo "Creating so admin user . . ." 1>/tmp/mariadb-so-admin.log 2>&1 + +prepare_password() +{ + echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g" +} + +DB_ADMIN_PASSWORD=`prepare_password $DB_ADMIN_PASSWORD` + +mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1 +DROP USER IF EXISTS '${DB_ADMIN}'; +CREATE USER '${DB_ADMIN}'; +GRANT USAGE ON *.* TO '${DB_ADMIN}'@'%' IDENTIFIED BY '${DB_ADMIN_PASSWORD}'; +GRANT ALL PRIVILEGES ON camundabpmn.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION; +GRANT ALL PRIVILEGES ON requestdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION; +GRANT ALL PRIVILEGES ON catalogdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION; +GRANT ALL PRIVILEGES ON nfvo.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION; +FLUSH PRIVILEGES; +EOF + +echo "Created so admin user . . ." 1>>/tmp/mariadb-so-admin.log 2>&1 diff --git a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_engine_7.10.0.sql b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_engine_7.10.0.sql new file mode 100644 index 0000000000..41377fb9eb --- /dev/null +++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_engine_7.10.0.sql @@ -0,0 +1,1299 @@ +-- +-- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com) +-- +-- Licensed under the Apache License, Version 2.0 (the "License"); +-- you may not use this file except in compliance with the License. +-- You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- + +use camundabpmn; + +create table ACT_GE_PROPERTY ( + NAME_ varchar(64), + VALUE_ varchar(300), + REV_ integer, + primary key (NAME_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +insert into ACT_GE_PROPERTY +values ('schema.version', 'fox', 1); + +insert into ACT_GE_PROPERTY +values ('schema.history', 'create(fox)', 1); + +insert into ACT_GE_PROPERTY +values ('next.dbid', '1', 1); + +insert into ACT_GE_PROPERTY +values ('deployment.lock', '0', 1); + +insert into ACT_GE_PROPERTY +values ('history.cleanup.job.lock', '0', 1); + +insert into ACT_GE_PROPERTY +values ('startup.lock', '0', 1); + +create table ACT_GE_BYTEARRAY ( + ID_ varchar(64), + REV_ integer, + NAME_ varchar(255), + DEPLOYMENT_ID_ varchar(64), + BYTES_ LONGBLOB, + GENERATED_ TINYINT, + TENANT_ID_ varchar(64), + TYPE_ integer, + CREATE_TIME_ datetime(3), + ROOT_PROC_INST_ID_ varchar(64), + REMOVAL_TIME_ datetime(3), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create table ACT_RE_DEPLOYMENT ( + ID_ varchar(64), + NAME_ varchar(255), + DEPLOY_TIME_ timestamp(3), + SOURCE_ varchar(255), + TENANT_ID_ varchar(64), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create table ACT_RU_EXECUTION ( + ID_ varchar(64), + REV_ integer, + ROOT_PROC_INST_ID_ varchar(64), + PROC_INST_ID_ varchar(64), + BUSINESS_KEY_ varchar(255), + PARENT_ID_ varchar(64), + PROC_DEF_ID_ varchar(64), + SUPER_EXEC_ varchar(64), + SUPER_CASE_EXEC_ varchar(64), + CASE_INST_ID_ varchar(64), + ACT_ID_ varchar(255), + ACT_INST_ID_ varchar(64), + IS_ACTIVE_ TINYINT, + IS_CONCURRENT_ TINYINT, + IS_SCOPE_ TINYINT, + IS_EVENT_SCOPE_ TINYINT, + SUSPENSION_STATE_ integer, + CACHED_ENT_STATE_ integer, + SEQUENCE_COUNTER_ bigint, + TENANT_ID_ varchar(64), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create table ACT_RU_JOB ( + ID_ varchar(64) NOT NULL, + REV_ integer, + TYPE_ varchar(255) NOT NULL, + LOCK_EXP_TIME_ timestamp(3) NULL, + LOCK_OWNER_ varchar(255), + EXCLUSIVE_ boolean, + EXECUTION_ID_ varchar(64), + PROCESS_INSTANCE_ID_ varchar(64), + PROCESS_DEF_ID_ varchar(64), + PROCESS_DEF_KEY_ varchar(255), + RETRIES_ integer, + EXCEPTION_STACK_ID_ varchar(64), + EXCEPTION_MSG_ varchar(4000), + DUEDATE_ timestamp(3) NULL, + REPEAT_ varchar(255), + HANDLER_TYPE_ varchar(255), + HANDLER_CFG_ varchar(4000), + DEPLOYMENT_ID_ varchar(64), + SUSPENSION_STATE_ integer NOT NULL DEFAULT 1, + JOB_DEF_ID_ varchar(64), + PRIORITY_ bigint NOT NULL DEFAULT 0, + SEQUENCE_COUNTER_ bigint, + TENANT_ID_ varchar(64), + CREATE_TIME_ datetime(3), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create table ACT_RU_JOBDEF ( + ID_ varchar(64) NOT NULL, + REV_ integer, + PROC_DEF_ID_ varchar(64), + PROC_DEF_KEY_ varchar(255), + ACT_ID_ varchar(255), + JOB_TYPE_ varchar(255) NOT NULL, + JOB_CONFIGURATION_ varchar(255), + SUSPENSION_STATE_ integer, + JOB_PRIORITY_ bigint, + TENANT_ID_ varchar(64), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create table ACT_RE_PROCDEF ( + ID_ varchar(64) not null, + REV_ integer, + CATEGORY_ varchar(255), + NAME_ varchar(255), + KEY_ varchar(255) not null, + VERSION_ integer not null, + DEPLOYMENT_ID_ varchar(64), + RESOURCE_NAME_ varchar(4000), + DGRM_RESOURCE_NAME_ varchar(4000), + HAS_START_FORM_KEY_ TINYINT, + SUSPENSION_STATE_ integer, + TENANT_ID_ varchar(64), + VERSION_TAG_ varchar(64), + HISTORY_TTL_ integer, + STARTABLE_ boolean NOT NULL default TRUE, + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create table ACT_RU_TASK ( + ID_ varchar(64), + REV_ integer, + EXECUTION_ID_ varchar(64), + PROC_INST_ID_ varchar(64), + PROC_DEF_ID_ varchar(64), + CASE_EXECUTION_ID_ varchar(64), + CASE_INST_ID_ varchar(64), + CASE_DEF_ID_ varchar(64), + NAME_ varchar(255), + PARENT_TASK_ID_ varchar(64), + DESCRIPTION_ varchar(4000), + TASK_DEF_KEY_ varchar(255), + OWNER_ varchar(255), + ASSIGNEE_ varchar(255), + DELEGATION_ varchar(64), + PRIORITY_ integer, + CREATE_TIME_ timestamp(3), + DUE_DATE_ datetime(3), + FOLLOW_UP_DATE_ datetime(3), + SUSPENSION_STATE_ integer, + TENANT_ID_ varchar(64), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create table ACT_RU_IDENTITYLINK ( + ID_ varchar(64), + REV_ integer, + GROUP_ID_ varchar(255), + TYPE_ varchar(255), + USER_ID_ varchar(255), + TASK_ID_ varchar(64), + PROC_DEF_ID_ varchar(64), + TENANT_ID_ varchar(64), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create table ACT_RU_VARIABLE ( + ID_ varchar(64) not null, + REV_ integer, + TYPE_ varchar(255) not null, + NAME_ varchar(255) not null, + EXECUTION_ID_ varchar(64), + PROC_INST_ID_ varchar(64), + CASE_EXECUTION_ID_ varchar(64), + CASE_INST_ID_ varchar(64), + TASK_ID_ varchar(64), + BYTEARRAY_ID_ varchar(64), + DOUBLE_ double, + LONG_ bigint, + TEXT_ LONGBLOB, + TEXT2_ LONGBLOB, + VAR_SCOPE_ varchar(64) not null, + SEQUENCE_COUNTER_ bigint, + IS_CONCURRENT_LOCAL_ TINYINT, + TENANT_ID_ varchar(64), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create table ACT_RU_EVENT_SUBSCR ( + ID_ varchar(64) not null, + REV_ integer, + EVENT_TYPE_ varchar(255) not null, + EVENT_NAME_ varchar(255), + EXECUTION_ID_ varchar(64), + PROC_INST_ID_ varchar(64), + ACTIVITY_ID_ varchar(255), + CONFIGURATION_ varchar(255), + CREATED_ timestamp(3) not null, + TENANT_ID_ varchar(64), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create table ACT_RU_INCIDENT ( + ID_ varchar(64) not null, + REV_ integer not null, + INCIDENT_TIMESTAMP_ timestamp(3) not null, + INCIDENT_MSG_ varchar(4000), + INCIDENT_TYPE_ varchar(255) not null, + EXECUTION_ID_ varchar(64), + ACTIVITY_ID_ varchar(255), + PROC_INST_ID_ varchar(64), + PROC_DEF_ID_ varchar(64), + CAUSE_INCIDENT_ID_ varchar(64), + ROOT_CAUSE_INCIDENT_ID_ varchar(64), + CONFIGURATION_ varchar(255), + TENANT_ID_ varchar(64), + JOB_DEF_ID_ varchar(64), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create table ACT_RU_AUTHORIZATION ( + ID_ varchar(64) not null, + REV_ integer not null, + TYPE_ integer not null, + GROUP_ID_ varchar(255), + USER_ID_ varchar(255), + RESOURCE_TYPE_ integer not null, + RESOURCE_ID_ varchar(255), + PERMS_ integer, + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create table ACT_RU_FILTER ( + ID_ varchar(64) not null, + REV_ integer not null, + RESOURCE_TYPE_ varchar(255) not null, + NAME_ varchar(255) not null, + OWNER_ varchar(255), + QUERY_ LONGTEXT not null, + PROPERTIES_ LONGTEXT, + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create table ACT_RU_METER_LOG ( + ID_ varchar(64) not null, + NAME_ varchar(64) not null, + REPORTER_ varchar(255), + VALUE_ bigint, + TIMESTAMP_ timestamp(3), + MILLISECONDS_ bigint DEFAULT 0, + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create table ACT_RU_EXT_TASK ( + ID_ varchar(64) not null, + REV_ integer not null, + WORKER_ID_ varchar(255), + TOPIC_NAME_ varchar(255), + RETRIES_ integer, + ERROR_MSG_ varchar(4000), + ERROR_DETAILS_ID_ varchar(64), + LOCK_EXP_TIME_ timestamp(3) NULL, + SUSPENSION_STATE_ integer, + EXECUTION_ID_ varchar(64), + PROC_INST_ID_ varchar(64), + PROC_DEF_ID_ varchar(64), + PROC_DEF_KEY_ varchar(255), + ACT_ID_ varchar(255), + ACT_INST_ID_ varchar(64), + TENANT_ID_ varchar(64), + PRIORITY_ bigint NOT NULL DEFAULT 0, + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create table ACT_RU_BATCH ( + ID_ varchar(64) not null, + REV_ integer not null, + TYPE_ varchar(255), + TOTAL_JOBS_ integer, + JOBS_CREATED_ integer, + JOBS_PER_SEED_ integer, + INVOCATIONS_PER_JOB_ integer, + SEED_JOB_DEF_ID_ varchar(64), + BATCH_JOB_DEF_ID_ varchar(64), + MONITOR_JOB_DEF_ID_ varchar(64), + SUSPENSION_STATE_ integer, + CONFIGURATION_ varchar(255), + TENANT_ID_ varchar(64), + CREATE_USER_ID_ varchar(255), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create index ACT_IDX_EXEC_ROOT_PI on ACT_RU_EXECUTION(ROOT_PROC_INST_ID_); +create index ACT_IDX_EXEC_BUSKEY on ACT_RU_EXECUTION(BUSINESS_KEY_); +create index ACT_IDX_EXEC_TENANT_ID on ACT_RU_EXECUTION(TENANT_ID_); +create index ACT_IDX_TASK_CREATE on ACT_RU_TASK(CREATE_TIME_); +create index ACT_IDX_TASK_ASSIGNEE on ACT_RU_TASK(ASSIGNEE_); +create index ACT_IDX_TASK_TENANT_ID on ACT_RU_TASK(TENANT_ID_); +create index ACT_IDX_IDENT_LNK_USER on ACT_RU_IDENTITYLINK(USER_ID_); +create index ACT_IDX_IDENT_LNK_GROUP on ACT_RU_IDENTITYLINK(GROUP_ID_); +create index ACT_IDX_EVENT_SUBSCR_CONFIG_ on ACT_RU_EVENT_SUBSCR(CONFIGURATION_); +create index ACT_IDX_EVENT_SUBSCR_TENANT_ID on ACT_RU_EVENT_SUBSCR(TENANT_ID_); +create index ACT_IDX_VARIABLE_TASK_ID on ACT_RU_VARIABLE(TASK_ID_); +create index ACT_IDX_VARIABLE_TENANT_ID on ACT_RU_VARIABLE(TENANT_ID_); +create index ACT_IDX_ATHRZ_PROCEDEF on ACT_RU_IDENTITYLINK(PROC_DEF_ID_); +create index ACT_IDX_INC_CONFIGURATION on ACT_RU_INCIDENT(CONFIGURATION_); +create index ACT_IDX_INC_TENANT_ID on ACT_RU_INCIDENT(TENANT_ID_); +-- CAM-5914 +create index ACT_IDX_JOB_EXECUTION_ID on ACT_RU_JOB(EXECUTION_ID_); +-- this index needs to be limited in mariadb see CAM-6938 +create index ACT_IDX_JOB_HANDLER on ACT_RU_JOB(HANDLER_TYPE_(100),HANDLER_CFG_(155)); +create index ACT_IDX_JOB_PROCINST on ACT_RU_JOB(PROCESS_INSTANCE_ID_); +create index ACT_IDX_JOB_TENANT_ID on ACT_RU_JOB(TENANT_ID_); +create index ACT_IDX_JOBDEF_TENANT_ID on ACT_RU_JOBDEF(TENANT_ID_); + +-- new metric milliseconds column +CREATE INDEX ACT_IDX_METER_LOG_MS ON ACT_RU_METER_LOG(MILLISECONDS_); +CREATE INDEX ACT_IDX_METER_LOG_NAME_MS ON ACT_RU_METER_LOG(NAME_, MILLISECONDS_); +CREATE INDEX ACT_IDX_METER_LOG_REPORT ON ACT_RU_METER_LOG(NAME_, REPORTER_, MILLISECONDS_); + +-- old metric timestamp column +CREATE INDEX ACT_IDX_METER_LOG_TIME ON ACT_RU_METER_LOG(TIMESTAMP_); +CREATE INDEX ACT_IDX_METER_LOG ON ACT_RU_METER_LOG(NAME_, TIMESTAMP_); + +create index ACT_IDX_EXT_TASK_TOPIC on ACT_RU_EXT_TASK(TOPIC_NAME_); +create index ACT_IDX_EXT_TASK_TENANT_ID on ACT_RU_EXT_TASK(TENANT_ID_); +create index ACT_IDX_EXT_TASK_PRIORITY ON ACT_RU_EXT_TASK(PRIORITY_); +create index ACT_IDX_EXT_TASK_ERR_DETAILS ON ACT_RU_EXT_TASK(ERROR_DETAILS_ID_); +create index ACT_IDX_AUTH_GROUP_ID ON ACT_RU_AUTHORIZATION(GROUP_ID_); +create index ACT_IDX_JOB_JOB_DEF_ID on ACT_RU_JOB(JOB_DEF_ID_); + +alter table ACT_GE_BYTEARRAY + add constraint ACT_FK_BYTEARR_DEPL + foreign key (DEPLOYMENT_ID_) + references ACT_RE_DEPLOYMENT (ID_); + +alter table ACT_RU_EXECUTION + add constraint ACT_FK_EXE_PROCINST + foreign key (PROC_INST_ID_) + references ACT_RU_EXECUTION (ID_) on delete cascade on update cascade; + +alter table ACT_RU_EXECUTION + add constraint ACT_FK_EXE_PARENT + foreign key (PARENT_ID_) + references ACT_RU_EXECUTION (ID_); + +alter table ACT_RU_EXECUTION + add constraint ACT_FK_EXE_SUPER + foreign key (SUPER_EXEC_) + references ACT_RU_EXECUTION (ID_); + +alter table ACT_RU_EXECUTION + add constraint ACT_FK_EXE_PROCDEF + foreign key (PROC_DEF_ID_) + references ACT_RE_PROCDEF (ID_); + +alter table ACT_RU_IDENTITYLINK + add constraint ACT_FK_TSKASS_TASK + foreign key (TASK_ID_) + references ACT_RU_TASK (ID_); + +alter table ACT_RU_IDENTITYLINK + add constraint ACT_FK_ATHRZ_PROCEDEF + foreign key (PROC_DEF_ID_) + references ACT_RE_PROCDEF(ID_); + +alter table ACT_RU_TASK + add constraint ACT_FK_TASK_EXE + foreign key (EXECUTION_ID_) + references ACT_RU_EXECUTION (ID_); + +alter table ACT_RU_TASK + add constraint ACT_FK_TASK_PROCINST + foreign key (PROC_INST_ID_) + references ACT_RU_EXECUTION (ID_); + +alter table ACT_RU_TASK + add constraint ACT_FK_TASK_PROCDEF + foreign key (PROC_DEF_ID_) + references ACT_RE_PROCDEF (ID_); + +alter table ACT_RU_VARIABLE + add constraint ACT_FK_VAR_EXE + foreign key (EXECUTION_ID_) + references ACT_RU_EXECUTION (ID_); + +alter table ACT_RU_VARIABLE + add constraint ACT_FK_VAR_PROCINST + foreign key (PROC_INST_ID_) + references ACT_RU_EXECUTION(ID_); + +alter table ACT_RU_VARIABLE + add constraint ACT_FK_VAR_BYTEARRAY + foreign key (BYTEARRAY_ID_) + references ACT_GE_BYTEARRAY (ID_); + +alter table ACT_RU_JOB + add constraint ACT_FK_JOB_EXCEPTION + foreign key (EXCEPTION_STACK_ID_) + references ACT_GE_BYTEARRAY (ID_); + +alter table ACT_RU_EVENT_SUBSCR + add constraint ACT_FK_EVENT_EXEC + foreign key (EXECUTION_ID_) + references ACT_RU_EXECUTION(ID_); + +alter table ACT_RU_INCIDENT + add constraint ACT_FK_INC_EXE + foreign key (EXECUTION_ID_) + references ACT_RU_EXECUTION (ID_); + +alter table ACT_RU_INCIDENT + add constraint ACT_FK_INC_PROCINST + foreign key (PROC_INST_ID_) + references ACT_RU_EXECUTION (ID_); + +alter table ACT_RU_INCIDENT + add constraint ACT_FK_INC_PROCDEF + foreign key (PROC_DEF_ID_) + references ACT_RE_PROCDEF (ID_); + +alter table ACT_RU_INCIDENT + add constraint ACT_FK_INC_CAUSE + foreign key (CAUSE_INCIDENT_ID_) + references ACT_RU_INCIDENT (ID_) on delete cascade on update cascade; + +alter table ACT_RU_INCIDENT + add constraint ACT_FK_INC_RCAUSE + foreign key (ROOT_CAUSE_INCIDENT_ID_) + references ACT_RU_INCIDENT (ID_) on delete cascade on update cascade; + +alter table ACT_RU_EXT_TASK + add constraint ACT_FK_EXT_TASK_ERROR_DETAILS + foreign key (ERROR_DETAILS_ID_) + references ACT_GE_BYTEARRAY (ID_); + +create index ACT_IDX_INC_JOB_DEF on ACT_RU_INCIDENT(JOB_DEF_ID_); +alter table ACT_RU_INCIDENT + add constraint ACT_FK_INC_JOB_DEF + foreign key (JOB_DEF_ID_) + references ACT_RU_JOBDEF (ID_); + +alter table ACT_RU_AUTHORIZATION + add constraint ACT_UNIQ_AUTH_USER + unique (USER_ID_,TYPE_,RESOURCE_TYPE_,RESOURCE_ID_); + +alter table ACT_RU_AUTHORIZATION + add constraint ACT_UNIQ_AUTH_GROUP + unique (GROUP_ID_,TYPE_,RESOURCE_TYPE_,RESOURCE_ID_); + +alter table ACT_RU_VARIABLE + add constraint ACT_UNIQ_VARIABLE + unique (VAR_SCOPE_, NAME_); + +alter table ACT_RU_EXT_TASK + add constraint ACT_FK_EXT_TASK_EXE + foreign key (EXECUTION_ID_) + references ACT_RU_EXECUTION (ID_); + +create index ACT_IDX_BATCH_SEED_JOB_DEF ON ACT_RU_BATCH(SEED_JOB_DEF_ID_); +alter table ACT_RU_BATCH + add constraint ACT_FK_BATCH_SEED_JOB_DEF + foreign key (SEED_JOB_DEF_ID_) + references ACT_RU_JOBDEF (ID_); + +create index ACT_IDX_BATCH_MONITOR_JOB_DEF ON ACT_RU_BATCH(MONITOR_JOB_DEF_ID_); +alter table ACT_RU_BATCH + add constraint ACT_FK_BATCH_MONITOR_JOB_DEF + foreign key (MONITOR_JOB_DEF_ID_) + references ACT_RU_JOBDEF (ID_); + +create index ACT_IDX_BATCH_JOB_DEF ON ACT_RU_BATCH(BATCH_JOB_DEF_ID_); +alter table ACT_RU_BATCH + add constraint ACT_FK_BATCH_JOB_DEF + foreign key (BATCH_JOB_DEF_ID_) + references ACT_RU_JOBDEF (ID_); + +-- indexes for deadlock problems - https://app.camunda.com/jira/browse/CAM-2567 -- +create index ACT_IDX_INC_CAUSEINCID on ACT_RU_INCIDENT(CAUSE_INCIDENT_ID_); +create index ACT_IDX_INC_EXID on ACT_RU_INCIDENT(EXECUTION_ID_); +create index ACT_IDX_INC_PROCDEFID on ACT_RU_INCIDENT(PROC_DEF_ID_); +create index ACT_IDX_INC_PROCINSTID on ACT_RU_INCIDENT(PROC_INST_ID_); +create index ACT_IDX_INC_ROOTCAUSEINCID on ACT_RU_INCIDENT(ROOT_CAUSE_INCIDENT_ID_); +-- index for deadlock problem - https://app.camunda.com/jira/browse/CAM-4440 -- +create index ACT_IDX_AUTH_RESOURCE_ID on ACT_RU_AUTHORIZATION(RESOURCE_ID_); +-- index to prevent deadlock on fk constraint - https://app.camunda.com/jira/browse/CAM-5440 -- +create index ACT_IDX_EXT_TASK_EXEC on ACT_RU_EXT_TASK(EXECUTION_ID_); + +-- indexes to improve deployment +create index ACT_IDX_BYTEARRAY_ROOT_PI on ACT_GE_BYTEARRAY(ROOT_PROC_INST_ID_); +create index ACT_IDX_BYTEARRAY_RM_TIME on ACT_GE_BYTEARRAY(REMOVAL_TIME_); +create index ACT_IDX_BYTEARRAY_NAME on ACT_GE_BYTEARRAY(NAME_); +create index ACT_IDX_DEPLOYMENT_NAME on ACT_RE_DEPLOYMENT(NAME_); +create index ACT_IDX_DEPLOYMENT_TENANT_ID on ACT_RE_DEPLOYMENT(TENANT_ID_); +create index ACT_IDX_JOBDEF_PROC_DEF_ID ON ACT_RU_JOBDEF(PROC_DEF_ID_); +create index ACT_IDX_JOB_HANDLER_TYPE ON ACT_RU_JOB(HANDLER_TYPE_); +create index ACT_IDX_EVENT_SUBSCR_EVT_NAME ON ACT_RU_EVENT_SUBSCR(EVENT_NAME_); +create index ACT_IDX_PROCDEF_DEPLOYMENT_ID ON ACT_RE_PROCDEF(DEPLOYMENT_ID_); +create index ACT_IDX_PROCDEF_TENANT_ID ON ACT_RE_PROCDEF(TENANT_ID_); +create index ACT_IDX_PROCDEF_VER_TAG ON ACT_RE_PROCDEF(VERSION_TAG_); +-- +-- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com) +-- +-- Licensed under the Apache License, Version 2.0 (the "License"); +-- you may not use this file except in compliance with the License. +-- You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- + +-- create case definition table -- +create table ACT_RE_CASE_DEF ( + ID_ varchar(64) not null, + REV_ integer, + CATEGORY_ varchar(255), + NAME_ varchar(255), + KEY_ varchar(255) not null, + VERSION_ integer not null, + DEPLOYMENT_ID_ varchar(64), + RESOURCE_NAME_ varchar(4000), + DGRM_RESOURCE_NAME_ varchar(4000), + TENANT_ID_ varchar(64), + HISTORY_TTL_ integer, + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +-- create case execution table -- +create table ACT_RU_CASE_EXECUTION ( + ID_ varchar(64) NOT NULL, + REV_ integer, + CASE_INST_ID_ varchar(64), + SUPER_CASE_EXEC_ varchar(64), + SUPER_EXEC_ varchar(64), + BUSINESS_KEY_ varchar(255), + PARENT_ID_ varchar(64), + CASE_DEF_ID_ varchar(64), + ACT_ID_ varchar(255), + PREV_STATE_ integer, + CURRENT_STATE_ integer, + REQUIRED_ boolean, + TENANT_ID_ varchar(64), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +-- create case sentry part table -- + +create table ACT_RU_CASE_SENTRY_PART ( + ID_ varchar(64) NOT NULL, + REV_ integer, + CASE_INST_ID_ varchar(64), + CASE_EXEC_ID_ varchar(64), + SENTRY_ID_ varchar(255), + TYPE_ varchar(255), + SOURCE_CASE_EXEC_ID_ varchar(64), + STANDARD_EVENT_ varchar(255), + SOURCE_ varchar(255), + VARIABLE_EVENT_ varchar(255), + VARIABLE_NAME_ varchar(255), + SATISFIED_ boolean, + TENANT_ID_ varchar(64), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +-- create index on business key -- +create index ACT_IDX_CASE_EXEC_BUSKEY on ACT_RU_CASE_EXECUTION(BUSINESS_KEY_); + +-- https://app.camunda.com/jira/browse/CAM-9165 +create index ACT_IDX_CASE_EXE_CASE_INST on ACT_RU_CASE_EXECUTION(CASE_INST_ID_); + +-- create foreign key constraints on ACT_RU_CASE_EXECUTION -- +alter table ACT_RU_CASE_EXECUTION + add constraint ACT_FK_CASE_EXE_CASE_INST + foreign key (CASE_INST_ID_) + references ACT_RU_CASE_EXECUTION(ID_) on delete cascade on update cascade; + +alter table ACT_RU_CASE_EXECUTION + add constraint ACT_FK_CASE_EXE_PARENT + foreign key (PARENT_ID_) + references ACT_RU_CASE_EXECUTION(ID_); + +alter table ACT_RU_CASE_EXECUTION + add constraint ACT_FK_CASE_EXE_CASE_DEF + foreign key (CASE_DEF_ID_) + references ACT_RE_CASE_DEF(ID_); + +-- create foreign key constraints on ACT_RU_VARIABLE -- +alter table ACT_RU_VARIABLE + add constraint ACT_FK_VAR_CASE_EXE + foreign key (CASE_EXECUTION_ID_) + references ACT_RU_CASE_EXECUTION(ID_); + +alter table ACT_RU_VARIABLE + add constraint ACT_FK_VAR_CASE_INST + foreign key (CASE_INST_ID_) + references ACT_RU_CASE_EXECUTION(ID_); + +-- create foreign key constraints on ACT_RU_TASK -- +alter table ACT_RU_TASK + add constraint ACT_FK_TASK_CASE_EXE + foreign key (CASE_EXECUTION_ID_) + references ACT_RU_CASE_EXECUTION(ID_); + +alter table ACT_RU_TASK + add constraint ACT_FK_TASK_CASE_DEF + foreign key (CASE_DEF_ID_) + references ACT_RE_CASE_DEF(ID_); + +-- create foreign key constraints on ACT_RU_CASE_SENTRY_PART -- +alter table ACT_RU_CASE_SENTRY_PART + add constraint ACT_FK_CASE_SENTRY_CASE_INST + foreign key (CASE_INST_ID_) + references ACT_RU_CASE_EXECUTION(ID_); + +alter table ACT_RU_CASE_SENTRY_PART + add constraint ACT_FK_CASE_SENTRY_CASE_EXEC + foreign key (CASE_EXEC_ID_) + references ACT_RU_CASE_EXECUTION(ID_); + +create index ACT_IDX_CASE_DEF_TENANT_ID on ACT_RE_CASE_DEF(TENANT_ID_); +create index ACT_IDX_CASE_EXEC_TENANT_ID on ACT_RU_CASE_EXECUTION(TENANT_ID_); +-- +-- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com) +-- +-- Licensed under the Apache License, Version 2.0 (the "License"); +-- you may not use this file except in compliance with the License. +-- You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- + +-- create decision definition table -- +create table ACT_RE_DECISION_DEF ( + ID_ varchar(64) not null, + REV_ integer, + CATEGORY_ varchar(255), + NAME_ varchar(255), + KEY_ varchar(255) not null, + VERSION_ integer not null, + DEPLOYMENT_ID_ varchar(64), + RESOURCE_NAME_ varchar(4000), + DGRM_RESOURCE_NAME_ varchar(4000), + DEC_REQ_ID_ varchar(64), + DEC_REQ_KEY_ varchar(255), + TENANT_ID_ varchar(64), + HISTORY_TTL_ integer, + VERSION_TAG_ varchar(64), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +-- create decision requirements definition table -- +create table ACT_RE_DECISION_REQ_DEF ( + ID_ varchar(64) NOT NULL, + REV_ integer, + CATEGORY_ varchar(255), + NAME_ varchar(255), + KEY_ varchar(255) NOT NULL, + VERSION_ integer NOT NULL, + DEPLOYMENT_ID_ varchar(64), + RESOURCE_NAME_ varchar(4000), + DGRM_RESOURCE_NAME_ varchar(4000), + TENANT_ID_ varchar(64), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +alter table ACT_RE_DECISION_DEF + add constraint ACT_FK_DEC_REQ + foreign key (DEC_REQ_ID_) + references ACT_RE_DECISION_REQ_DEF(ID_); + +create index ACT_IDX_DEC_DEF_TENANT_ID on ACT_RE_DECISION_DEF(TENANT_ID_); +create index ACT_IDX_DEC_DEF_REQ_ID on ACT_RE_DECISION_DEF(DEC_REQ_ID_); +create index ACT_IDX_DEC_REQ_DEF_TENANT_ID on ACT_RE_DECISION_REQ_DEF(TENANT_ID_); +-- +-- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com) +-- +-- Licensed under the Apache License, Version 2.0 (the "License"); +-- you may not use this file except in compliance with the License. +-- You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- + +create table ACT_HI_PROCINST ( + ID_ varchar(64) not null, + PROC_INST_ID_ varchar(64) not null, + BUSINESS_KEY_ varchar(255), + PROC_DEF_KEY_ varchar(255), + PROC_DEF_ID_ varchar(64) not null, + START_TIME_ datetime(3) not null, + END_TIME_ datetime(3), + REMOVAL_TIME_ datetime(3), + DURATION_ bigint, + START_USER_ID_ varchar(255), + START_ACT_ID_ varchar(255), + END_ACT_ID_ varchar(255), + SUPER_PROCESS_INSTANCE_ID_ varchar(64), + ROOT_PROC_INST_ID_ varchar(64), + SUPER_CASE_INSTANCE_ID_ varchar(64), + CASE_INST_ID_ varchar(64), + DELETE_REASON_ varchar(4000), + TENANT_ID_ varchar(64), + STATE_ varchar(255), + primary key (ID_), + unique (PROC_INST_ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create table ACT_HI_ACTINST ( + ID_ varchar(64) not null, + PARENT_ACT_INST_ID_ varchar(64), + PROC_DEF_KEY_ varchar(255), + PROC_DEF_ID_ varchar(64) not null, + ROOT_PROC_INST_ID_ varchar(64), + PROC_INST_ID_ varchar(64) not null, + EXECUTION_ID_ varchar(64) not null, + ACT_ID_ varchar(255) not null, + TASK_ID_ varchar(64), + CALL_PROC_INST_ID_ varchar(64), + CALL_CASE_INST_ID_ varchar(64), + ACT_NAME_ varchar(255), + ACT_TYPE_ varchar(255) not null, + ASSIGNEE_ varchar(64), + START_TIME_ datetime(3) not null, + END_TIME_ datetime(3), + DURATION_ bigint, + ACT_INST_STATE_ integer, + SEQUENCE_COUNTER_ bigint, + TENANT_ID_ varchar(64), + REMOVAL_TIME_ datetime(3), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create table ACT_HI_TASKINST ( + ID_ varchar(64) not null, + TASK_DEF_KEY_ varchar(255), + PROC_DEF_KEY_ varchar(255), + PROC_DEF_ID_ varchar(64), + ROOT_PROC_INST_ID_ varchar(64), + PROC_INST_ID_ varchar(64), + EXECUTION_ID_ varchar(64), + CASE_DEF_KEY_ varchar(255), + CASE_DEF_ID_ varchar(64), + CASE_INST_ID_ varchar(64), + CASE_EXECUTION_ID_ varchar(64), + ACT_INST_ID_ varchar(64), + NAME_ varchar(255), + PARENT_TASK_ID_ varchar(64), + DESCRIPTION_ varchar(4000), + OWNER_ varchar(255), + ASSIGNEE_ varchar(255), + START_TIME_ datetime(3) not null, + END_TIME_ datetime(3), + DURATION_ bigint, + DELETE_REASON_ varchar(4000), + PRIORITY_ integer, + DUE_DATE_ datetime(3), + FOLLOW_UP_DATE_ datetime(3), + TENANT_ID_ varchar(64), + REMOVAL_TIME_ datetime(3), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create table ACT_HI_VARINST ( + ID_ varchar(64) not null, + PROC_DEF_KEY_ varchar(255), + PROC_DEF_ID_ varchar(64), + ROOT_PROC_INST_ID_ varchar(64), + PROC_INST_ID_ varchar(64), + EXECUTION_ID_ varchar(64), + ACT_INST_ID_ varchar(64), + CASE_DEF_KEY_ varchar(255), + CASE_DEF_ID_ varchar(64), + CASE_INST_ID_ varchar(64), + CASE_EXECUTION_ID_ varchar(64), + TASK_ID_ varchar(64), + NAME_ varchar(255) not null, + VAR_TYPE_ varchar(100), + CREATE_TIME_ datetime(3), + REV_ integer, + BYTEARRAY_ID_ varchar(64), + DOUBLE_ double, + LONG_ bigint, + TEXT_ LONGBLOB, + TEXT2_ LONGBLOB, + TENANT_ID_ varchar(64), + STATE_ varchar(20), + REMOVAL_TIME_ datetime(3), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create table ACT_HI_DETAIL ( + ID_ varchar(64) not null, + TYPE_ varchar(255) not null, + PROC_DEF_KEY_ varchar(255), + PROC_DEF_ID_ varchar(64), + ROOT_PROC_INST_ID_ varchar(64), + PROC_INST_ID_ varchar(64), + EXECUTION_ID_ varchar(64), + CASE_DEF_KEY_ varchar(255), + CASE_DEF_ID_ varchar(64), + CASE_INST_ID_ varchar(64), + CASE_EXECUTION_ID_ varchar(64), + TASK_ID_ varchar(64), + ACT_INST_ID_ varchar(64), + VAR_INST_ID_ varchar(64), + NAME_ varchar(255) not null, + VAR_TYPE_ varchar(255), + REV_ integer, + TIME_ datetime(3) not null, + BYTEARRAY_ID_ varchar(64), + DOUBLE_ double, + LONG_ bigint, + TEXT_ LONGBLOB, + TEXT2_ LONGBLOB, + SEQUENCE_COUNTER_ bigint, + TENANT_ID_ varchar(64), + OPERATION_ID_ varchar(64), + REMOVAL_TIME_ datetime(3), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create table ACT_HI_IDENTITYLINK ( + ID_ varchar(64) not null, + TIMESTAMP_ timestamp(3) not null, + TYPE_ varchar(255), + USER_ID_ varchar(255), + GROUP_ID_ varchar(255), + TASK_ID_ varchar(64), + ROOT_PROC_INST_ID_ varchar(64), + PROC_DEF_ID_ varchar(64), + OPERATION_TYPE_ varchar(64), + ASSIGNER_ID_ varchar(64), + PROC_DEF_KEY_ varchar(255), + TENANT_ID_ varchar(64), + REMOVAL_TIME_ datetime(3), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create table ACT_HI_COMMENT ( + ID_ varchar(64) not null, + TYPE_ varchar(255), + TIME_ datetime(3) not null, + USER_ID_ varchar(255), + TASK_ID_ varchar(64), + ROOT_PROC_INST_ID_ varchar(64), + PROC_INST_ID_ varchar(64), + ACTION_ varchar(255), + MESSAGE_ varchar(4000), + FULL_MSG_ LONGBLOB, + TENANT_ID_ varchar(64), + REMOVAL_TIME_ datetime(3), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create table ACT_HI_ATTACHMENT ( + ID_ varchar(64) not null, + REV_ integer, + USER_ID_ varchar(255), + NAME_ varchar(255), + DESCRIPTION_ varchar(4000), + TYPE_ varchar(255), + TASK_ID_ varchar(64), + ROOT_PROC_INST_ID_ varchar(64), + PROC_INST_ID_ varchar(64), + URL_ varchar(4000), + CONTENT_ID_ varchar(64), + TENANT_ID_ varchar(64), + CREATE_TIME_ datetime(3), + REMOVAL_TIME_ datetime(3), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create table ACT_HI_OP_LOG ( + ID_ varchar(64) not null, + DEPLOYMENT_ID_ varchar(64), + PROC_DEF_ID_ varchar(64), + PROC_DEF_KEY_ varchar(255), + ROOT_PROC_INST_ID_ varchar(64), + PROC_INST_ID_ varchar(64), + EXECUTION_ID_ varchar(64), + CASE_DEF_ID_ varchar(64), + CASE_INST_ID_ varchar(64), + CASE_EXECUTION_ID_ varchar(64), + TASK_ID_ varchar(64), + JOB_ID_ varchar(64), + JOB_DEF_ID_ varchar(64), + BATCH_ID_ varchar(64), + USER_ID_ varchar(255), + TIMESTAMP_ timestamp(3) not null, + OPERATION_TYPE_ varchar(64), + OPERATION_ID_ varchar(64), + ENTITY_TYPE_ varchar(30), + PROPERTY_ varchar(64), + ORG_VALUE_ varchar(4000), + NEW_VALUE_ varchar(4000), + TENANT_ID_ varchar(64), + REMOVAL_TIME_ datetime(3), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create table ACT_HI_INCIDENT ( + ID_ varchar(64) not null, + PROC_DEF_KEY_ varchar(255), + PROC_DEF_ID_ varchar(64), + ROOT_PROC_INST_ID_ varchar(64), + PROC_INST_ID_ varchar(64), + EXECUTION_ID_ varchar(64), + CREATE_TIME_ timestamp(3) not null, + END_TIME_ timestamp(3) null, + INCIDENT_MSG_ varchar(4000), + INCIDENT_TYPE_ varchar(255) not null, + ACTIVITY_ID_ varchar(255), + CAUSE_INCIDENT_ID_ varchar(64), + ROOT_CAUSE_INCIDENT_ID_ varchar(64), + CONFIGURATION_ varchar(255), + INCIDENT_STATE_ integer, + TENANT_ID_ varchar(64), + JOB_DEF_ID_ varchar(64), + REMOVAL_TIME_ datetime(3), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create table ACT_HI_JOB_LOG ( + ID_ varchar(64) not null, + TIMESTAMP_ timestamp(3) not null, + JOB_ID_ varchar(64) not null, + JOB_DUEDATE_ timestamp(3) NULL, + JOB_RETRIES_ integer, + JOB_PRIORITY_ bigint NOT NULL DEFAULT 0, + JOB_EXCEPTION_MSG_ varchar(4000), + JOB_EXCEPTION_STACK_ID_ varchar(64), + JOB_STATE_ integer, + JOB_DEF_ID_ varchar(64), + JOB_DEF_TYPE_ varchar(255), + JOB_DEF_CONFIGURATION_ varchar(255), + ACT_ID_ varchar(255), + ROOT_PROC_INST_ID_ varchar(64), + EXECUTION_ID_ varchar(64), + PROCESS_INSTANCE_ID_ varchar(64), + PROCESS_DEF_ID_ varchar(64), + PROCESS_DEF_KEY_ varchar(255), + DEPLOYMENT_ID_ varchar(64), + SEQUENCE_COUNTER_ bigint, + TENANT_ID_ varchar(64), + REMOVAL_TIME_ datetime(3), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create table ACT_HI_BATCH ( + ID_ varchar(64) not null, + TYPE_ varchar(255), + TOTAL_JOBS_ integer, + JOBS_PER_SEED_ integer, + INVOCATIONS_PER_JOB_ integer, + SEED_JOB_DEF_ID_ varchar(64), + MONITOR_JOB_DEF_ID_ varchar(64), + BATCH_JOB_DEF_ID_ varchar(64), + TENANT_ID_ varchar(64), + CREATE_USER_ID_ varchar(255), + START_TIME_ datetime(3) not null, + END_TIME_ datetime(3), + REMOVAL_TIME_ datetime(3), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create table ACT_HI_EXT_TASK_LOG ( + ID_ varchar(64) not null, + TIMESTAMP_ timestamp(3) not null, + EXT_TASK_ID_ varchar(64) not null, + RETRIES_ integer, + TOPIC_NAME_ varchar(255), + WORKER_ID_ varchar(255), + PRIORITY_ bigint NOT NULL DEFAULT 0, + ERROR_MSG_ varchar(4000), + ERROR_DETAILS_ID_ varchar(64), + ACT_ID_ varchar(255), + ACT_INST_ID_ varchar(64), + EXECUTION_ID_ varchar(64), + ROOT_PROC_INST_ID_ varchar(64), + PROC_INST_ID_ varchar(64), + PROC_DEF_ID_ varchar(64), + PROC_DEF_KEY_ varchar(255), + TENANT_ID_ varchar(64), + STATE_ integer, + REMOVAL_TIME_ datetime(3), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create index ACT_IDX_HI_PRO_INST_END on ACT_HI_PROCINST(END_TIME_); +create index ACT_IDX_HI_PRO_I_BUSKEY on ACT_HI_PROCINST(BUSINESS_KEY_); +create index ACT_IDX_HI_PRO_INST_TENANT_ID on ACT_HI_PROCINST(TENANT_ID_); +create index ACT_IDX_HI_PRO_INST_PROC_DEF_KEY on ACT_HI_PROCINST(PROC_DEF_KEY_); +create index ACT_IDX_HI_PRO_INST_PROC_TIME on ACT_HI_PROCINST(START_TIME_, END_TIME_); +create index ACT_IDX_HI_PI_PDEFID_END_TIME on ACT_HI_PROCINST(PROC_DEF_ID_, END_TIME_); +create index ACT_IDX_HI_PRO_INST_ROOT_PI on ACT_HI_PROCINST(ROOT_PROC_INST_ID_); +create index ACT_IDX_HI_PRO_INST_RM_TIME on ACT_HI_PROCINST(REMOVAL_TIME_); + +create index ACT_IDX_HI_ACTINST_ROOT_PI on ACT_HI_ACTINST(ROOT_PROC_INST_ID_); +create index ACT_IDX_HI_ACT_INST_START on ACT_HI_ACTINST(START_TIME_); +create index ACT_IDX_HI_ACT_INST_END on ACT_HI_ACTINST(END_TIME_); +create index ACT_IDX_HI_ACT_INST_PROCINST on ACT_HI_ACTINST(PROC_INST_ID_, ACT_ID_); +create index ACT_IDX_HI_ACT_INST_COMP on ACT_HI_ACTINST(EXECUTION_ID_, ACT_ID_, END_TIME_, ID_); +create index ACT_IDX_HI_ACT_INST_STATS on ACT_HI_ACTINST(PROC_DEF_ID_, PROC_INST_ID_, ACT_ID_, END_TIME_, ACT_INST_STATE_); +create index ACT_IDX_HI_ACT_INST_TENANT_ID on ACT_HI_ACTINST(TENANT_ID_); +create index ACT_IDX_HI_ACT_INST_PROC_DEF_KEY on ACT_HI_ACTINST(PROC_DEF_KEY_); +create index ACT_IDX_HI_AI_PDEFID_END_TIME on ACT_HI_ACTINST(PROC_DEF_ID_, END_TIME_); +create index ACT_IDX_HI_ACT_INST_RM_TIME on ACT_HI_ACTINST(REMOVAL_TIME_); + +create index ACT_IDX_HI_TASKINST_ROOT_PI on ACT_HI_TASKINST(ROOT_PROC_INST_ID_); +create index ACT_IDX_HI_TASK_INST_TENANT_ID on ACT_HI_TASKINST(TENANT_ID_); +create index ACT_IDX_HI_TASK_INST_PROC_DEF_KEY on ACT_HI_TASKINST(PROC_DEF_KEY_); +create index ACT_IDX_HI_TASKINST_PROCINST on ACT_HI_TASKINST(PROC_INST_ID_); +create index ACT_IDX_HI_TASKINSTID_PROCINST on ACT_HI_TASKINST(ID_,PROC_INST_ID_); +create index ACT_IDX_HI_TASK_INST_RM_TIME on ACT_HI_TASKINST(REMOVAL_TIME_); +create index ACT_IDX_HI_TASK_INST_START on ACT_HI_TASKINST(START_TIME_); +create index ACT_IDX_HI_TASK_INST_END on ACT_HI_TASKINST(END_TIME_); + +create index ACT_IDX_HI_DETAIL_ROOT_PI on ACT_HI_DETAIL(ROOT_PROC_INST_ID_); +create index ACT_IDX_HI_DETAIL_PROC_INST on ACT_HI_DETAIL(PROC_INST_ID_); +create index ACT_IDX_HI_DETAIL_ACT_INST on ACT_HI_DETAIL(ACT_INST_ID_); +create index ACT_IDX_HI_DETAIL_CASE_INST on ACT_HI_DETAIL(CASE_INST_ID_); +create index ACT_IDX_HI_DETAIL_CASE_EXEC on ACT_HI_DETAIL(CASE_EXECUTION_ID_); +create index ACT_IDX_HI_DETAIL_TIME on ACT_HI_DETAIL(TIME_); +create index ACT_IDX_HI_DETAIL_NAME on ACT_HI_DETAIL(NAME_); +create index ACT_IDX_HI_DETAIL_TASK_ID on ACT_HI_DETAIL(TASK_ID_); +create index ACT_IDX_HI_DETAIL_TENANT_ID on ACT_HI_DETAIL(TENANT_ID_); +create index ACT_IDX_HI_DETAIL_PROC_DEF_KEY on ACT_HI_DETAIL(PROC_DEF_KEY_); +create index ACT_IDX_HI_DETAIL_BYTEAR on ACT_HI_DETAIL(BYTEARRAY_ID_); +create index ACT_IDX_HI_DETAIL_RM_TIME on ACT_HI_DETAIL(REMOVAL_TIME_); +create index ACT_IDX_HI_DETAIL_TASK_BYTEAR on ACT_HI_DETAIL(BYTEARRAY_ID_, TASK_ID_); + +create index ACT_IDX_HI_IDENT_LNK_ROOT_PI on ACT_HI_IDENTITYLINK(ROOT_PROC_INST_ID_); +create index ACT_IDX_HI_IDENT_LNK_USER on ACT_HI_IDENTITYLINK(USER_ID_); +create index ACT_IDX_HI_IDENT_LNK_GROUP on ACT_HI_IDENTITYLINK(GROUP_ID_); +create index ACT_IDX_HI_IDENT_LNK_TENANT_ID on ACT_HI_IDENTITYLINK(TENANT_ID_); +create index ACT_IDX_HI_IDENT_LNK_PROC_DEF_KEY on ACT_HI_IDENTITYLINK(PROC_DEF_KEY_); +create index ACT_IDX_HI_IDENT_LINK_TASK on ACT_HI_IDENTITYLINK(TASK_ID_); +create index ACT_IDX_HI_IDENT_LINK_RM_TIME on ACT_HI_IDENTITYLINK(REMOVAL_TIME_); + +create index ACT_IDX_HI_VARINST_ROOT_PI on ACT_HI_VARINST(ROOT_PROC_INST_ID_); +create index ACT_IDX_HI_PROCVAR_PROC_INST on ACT_HI_VARINST(PROC_INST_ID_); +create index ACT_IDX_HI_PROCVAR_NAME_TYPE on ACT_HI_VARINST(NAME_, VAR_TYPE_); +create index ACT_IDX_HI_CASEVAR_CASE_INST on ACT_HI_VARINST(CASE_INST_ID_); +create index ACT_IDX_HI_VAR_INST_TENANT_ID on ACT_HI_VARINST(TENANT_ID_); +create index ACT_IDX_HI_VAR_INST_PROC_DEF_KEY on ACT_HI_VARINST(PROC_DEF_KEY_); +create index ACT_IDX_HI_VARINST_BYTEAR on ACT_HI_VARINST(BYTEARRAY_ID_); +create index ACT_IDX_HI_VARINST_RM_TIME on ACT_HI_VARINST(REMOVAL_TIME_); + +create index ACT_IDX_HI_INCIDENT_TENANT_ID on ACT_HI_INCIDENT(TENANT_ID_); +create index ACT_IDX_HI_INCIDENT_PROC_DEF_KEY on ACT_HI_INCIDENT(PROC_DEF_KEY_); +create index ACT_IDX_HI_INCIDENT_ROOT_PI on ACT_HI_INCIDENT(ROOT_PROC_INST_ID_); +create index ACT_IDX_HI_INCIDENT_PROCINST on ACT_HI_INCIDENT(PROC_INST_ID_); +create index ACT_IDX_HI_INCIDENT_RM_TIME on ACT_HI_INCIDENT(REMOVAL_TIME_); + +create index ACT_IDX_HI_JOB_LOG_ROOT_PI on ACT_HI_JOB_LOG(ROOT_PROC_INST_ID_); +create index ACT_IDX_HI_JOB_LOG_PROCINST on ACT_HI_JOB_LOG(PROCESS_INSTANCE_ID_); +create index ACT_IDX_HI_JOB_LOG_PROCDEF on ACT_HI_JOB_LOG(PROCESS_DEF_ID_); +create index ACT_IDX_HI_JOB_LOG_TENANT_ID on ACT_HI_JOB_LOG(TENANT_ID_); +create index ACT_IDX_HI_JOB_LOG_JOB_DEF_ID on ACT_HI_JOB_LOG(JOB_DEF_ID_); +create index ACT_IDX_HI_JOB_LOG_PROC_DEF_KEY on ACT_HI_JOB_LOG(PROCESS_DEF_KEY_); +create index ACT_IDX_HI_JOB_LOG_EX_STACK on ACT_HI_JOB_LOG(JOB_EXCEPTION_STACK_ID_); +create index ACT_IDX_HI_JOB_LOG_RM_TIME on ACT_HI_JOB_LOG(REMOVAL_TIME_); + +create index ACT_HI_BAT_RM_TIME on ACT_HI_BATCH(REMOVAL_TIME_); + +create index ACT_HI_EXT_TASK_LOG_ROOT_PI on ACT_HI_EXT_TASK_LOG(ROOT_PROC_INST_ID_); +create index ACT_HI_EXT_TASK_LOG_PROCINST on ACT_HI_EXT_TASK_LOG(PROC_INST_ID_); +create index ACT_HI_EXT_TASK_LOG_PROCDEF on ACT_HI_EXT_TASK_LOG(PROC_DEF_ID_); +create index ACT_HI_EXT_TASK_LOG_PROC_DEF_KEY on ACT_HI_EXT_TASK_LOG(PROC_DEF_KEY_); +create index ACT_HI_EXT_TASK_LOG_TENANT_ID on ACT_HI_EXT_TASK_LOG(TENANT_ID_); +create index ACT_IDX_HI_EXTTASKLOG_ERRORDET on ACT_HI_EXT_TASK_LOG(ERROR_DETAILS_ID_); +create index ACT_HI_EXT_TASK_LOG_RM_TIME on ACT_HI_EXT_TASK_LOG(REMOVAL_TIME_); + +create index ACT_IDX_HI_OP_LOG_ROOT_PI on ACT_HI_OP_LOG(ROOT_PROC_INST_ID_); +create index ACT_IDX_HI_OP_LOG_PROCINST on ACT_HI_OP_LOG(PROC_INST_ID_); +create index ACT_IDX_HI_OP_LOG_PROCDEF on ACT_HI_OP_LOG(PROC_DEF_ID_); +create index ACT_IDX_HI_OP_LOG_TASK on ACT_HI_OP_LOG(TASK_ID_); +create index ACT_IDX_HI_OP_LOG_RM_TIME on ACT_HI_OP_LOG(REMOVAL_TIME_); +create index ACT_IDX_HI_OP_LOG_TIMESTAMP on ACT_HI_OP_LOG(TIMESTAMP_); + +create index ACT_IDX_HI_COMMENT_TASK on ACT_HI_COMMENT(TASK_ID_); +create index ACT_IDX_HI_COMMENT_ROOT_PI on ACT_HI_COMMENT(ROOT_PROC_INST_ID_); +create index ACT_IDX_HI_COMMENT_PROCINST on ACT_HI_COMMENT(PROC_INST_ID_); +create index ACT_IDX_HI_COMMENT_RM_TIME on ACT_HI_COMMENT(REMOVAL_TIME_); + +create index ACT_IDX_HI_ATTACHMENT_CONTENT on ACT_HI_ATTACHMENT(CONTENT_ID_); +create index ACT_IDX_HI_ATTACHMENT_ROOT_PI on ACT_HI_ATTACHMENT(ROOT_PROC_INST_ID_); +create index ACT_IDX_HI_ATTACHMENT_PROCINST on ACT_HI_ATTACHMENT(PROC_INST_ID_); +create index ACT_IDX_HI_ATTACHMENT_TASK on ACT_HI_ATTACHMENT(TASK_ID_); +create index ACT_IDX_HI_ATTACHMENT_RM_TIME on ACT_HI_ATTACHMENT(REMOVAL_TIME_); +-- +-- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com) +-- +-- Licensed under the Apache License, Version 2.0 (the "License"); +-- you may not use this file except in compliance with the License. +-- You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- + +create table ACT_HI_CASEINST ( + ID_ varchar(64) not null, + CASE_INST_ID_ varchar(64) not null, + BUSINESS_KEY_ varchar(255), + CASE_DEF_ID_ varchar(64) not null, + CREATE_TIME_ datetime(3) not null, + CLOSE_TIME_ datetime(3), + DURATION_ bigint, + STATE_ integer, + CREATE_USER_ID_ varchar(255), + SUPER_CASE_INSTANCE_ID_ varchar(64), + SUPER_PROCESS_INSTANCE_ID_ varchar(64), + TENANT_ID_ varchar(64), + primary key (ID_), + unique (CASE_INST_ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create table ACT_HI_CASEACTINST ( + ID_ varchar(64) not null, + PARENT_ACT_INST_ID_ varchar(64), + CASE_DEF_ID_ varchar(64) not null, + CASE_INST_ID_ varchar(64) not null, + CASE_ACT_ID_ varchar(255) not null, + TASK_ID_ varchar(64), + CALL_PROC_INST_ID_ varchar(64), + CALL_CASE_INST_ID_ varchar(64), + CASE_ACT_NAME_ varchar(255), + CASE_ACT_TYPE_ varchar(255), + CREATE_TIME_ datetime(3) not null, + END_TIME_ datetime(3), + DURATION_ bigint, + STATE_ integer, + REQUIRED_ boolean, + TENANT_ID_ varchar(64), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create index ACT_IDX_HI_CAS_I_CLOSE on ACT_HI_CASEINST(CLOSE_TIME_); +create index ACT_IDX_HI_CAS_I_BUSKEY on ACT_HI_CASEINST(BUSINESS_KEY_); +create index ACT_IDX_HI_CAS_I_TENANT_ID on ACT_HI_CASEINST(TENANT_ID_); +create index ACT_IDX_HI_CAS_A_I_CREATE on ACT_HI_CASEACTINST(CREATE_TIME_); +create index ACT_IDX_HI_CAS_A_I_END on ACT_HI_CASEACTINST(END_TIME_); +create index ACT_IDX_HI_CAS_A_I_COMP on ACT_HI_CASEACTINST(CASE_ACT_ID_, END_TIME_, ID_); +create index ACT_IDX_HI_CAS_A_I_CASEINST on ACT_HI_CASEACTINST(CASE_INST_ID_, CASE_ACT_ID_); +create index ACT_IDX_HI_CAS_A_I_TENANT_ID on ACT_HI_CASEACTINST(TENANT_ID_); +-- +-- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com) +-- +-- Licensed under the Apache License, Version 2.0 (the "License"); +-- you may not use this file except in compliance with the License. +-- You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- + +-- create history decision instance table -- +create table ACT_HI_DECINST ( + ID_ varchar(64) NOT NULL, + DEC_DEF_ID_ varchar(64) NOT NULL, + DEC_DEF_KEY_ varchar(255) NOT NULL, + DEC_DEF_NAME_ varchar(255), + PROC_DEF_KEY_ varchar(255), + PROC_DEF_ID_ varchar(64), + PROC_INST_ID_ varchar(64), + CASE_DEF_KEY_ varchar(255), + CASE_DEF_ID_ varchar(64), + CASE_INST_ID_ varchar(64), + ACT_INST_ID_ varchar(64), + ACT_ID_ varchar(255), + EVAL_TIME_ datetime(3) not null, + REMOVAL_TIME_ datetime(3), + COLLECT_VALUE_ double, + USER_ID_ varchar(255), + ROOT_DEC_INST_ID_ varchar(64), + ROOT_PROC_INST_ID_ varchar(64), + DEC_REQ_ID_ varchar(64), + DEC_REQ_KEY_ varchar(255), + TENANT_ID_ varchar(64), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +-- create history decision input table -- +create table ACT_HI_DEC_IN ( + ID_ varchar(64) NOT NULL, + DEC_INST_ID_ varchar(64) NOT NULL, + CLAUSE_ID_ varchar(64), + CLAUSE_NAME_ varchar(255), + VAR_TYPE_ varchar(100), + BYTEARRAY_ID_ varchar(64), + DOUBLE_ double, + LONG_ bigint, + TEXT_ LONGBLOB, + TEXT2_ LONGBLOB, + TENANT_ID_ varchar(64), + CREATE_TIME_ datetime(3), + ROOT_PROC_INST_ID_ varchar(64), + REMOVAL_TIME_ datetime(3), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +-- create history decision output table -- +create table ACT_HI_DEC_OUT ( + ID_ varchar(64) NOT NULL, + DEC_INST_ID_ varchar(64) NOT NULL, + CLAUSE_ID_ varchar(64), + CLAUSE_NAME_ varchar(255), + RULE_ID_ varchar(64), + RULE_ORDER_ integer, + VAR_NAME_ varchar(255), + VAR_TYPE_ varchar(100), + BYTEARRAY_ID_ varchar(64), + DOUBLE_ double, + LONG_ bigint, + TEXT_ LONGBLOB, + TEXT2_ LONGBLOB, + TENANT_ID_ varchar(64), + CREATE_TIME_ datetime(3), + ROOT_PROC_INST_ID_ varchar(64), + REMOVAL_TIME_ datetime(3), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + + +create index ACT_IDX_HI_DEC_INST_ID on ACT_HI_DECINST(DEC_DEF_ID_); +create index ACT_IDX_HI_DEC_INST_KEY on ACT_HI_DECINST(DEC_DEF_KEY_); +create index ACT_IDX_HI_DEC_INST_PI on ACT_HI_DECINST(PROC_INST_ID_); +create index ACT_IDX_HI_DEC_INST_CI on ACT_HI_DECINST(CASE_INST_ID_); +create index ACT_IDX_HI_DEC_INST_ACT on ACT_HI_DECINST(ACT_ID_); +create index ACT_IDX_HI_DEC_INST_ACT_INST on ACT_HI_DECINST(ACT_INST_ID_); +create index ACT_IDX_HI_DEC_INST_TIME on ACT_HI_DECINST(EVAL_TIME_); +create index ACT_IDX_HI_DEC_INST_TENANT_ID on ACT_HI_DECINST(TENANT_ID_); +create index ACT_IDX_HI_DEC_INST_ROOT_ID on ACT_HI_DECINST(ROOT_DEC_INST_ID_); +create index ACT_IDX_HI_DEC_INST_REQ_ID on ACT_HI_DECINST(DEC_REQ_ID_); +create index ACT_IDX_HI_DEC_INST_REQ_KEY on ACT_HI_DECINST(DEC_REQ_KEY_); +create index ACT_IDX_HI_DEC_INST_ROOT_PI on ACT_HI_DECINST(ROOT_PROC_INST_ID_); +create index ACT_IDX_HI_DEC_INST_RM_TIME on ACT_HI_DECINST(REMOVAL_TIME_); + + +create index ACT_IDX_HI_DEC_IN_INST on ACT_HI_DEC_IN(DEC_INST_ID_); +create index ACT_IDX_HI_DEC_IN_CLAUSE on ACT_HI_DEC_IN(DEC_INST_ID_, CLAUSE_ID_); +create index ACT_IDX_HI_DEC_IN_ROOT_PI on ACT_HI_DEC_IN(ROOT_PROC_INST_ID_); +create index ACT_IDX_HI_DEC_IN_RM_TIME on ACT_HI_DEC_IN(REMOVAL_TIME_); + +create index ACT_IDX_HI_DEC_OUT_INST on ACT_HI_DEC_OUT(DEC_INST_ID_); +create index ACT_IDX_HI_DEC_OUT_RULE on ACT_HI_DEC_OUT(RULE_ORDER_, CLAUSE_ID_); +create index ACT_IDX_HI_DEC_OUT_ROOT_PI on ACT_HI_DEC_OUT(ROOT_PROC_INST_ID_); +create index ACT_IDX_HI_DEC_OUT_RM_TIME on ACT_HI_DEC_OUT(REMOVAL_TIME_); diff --git a/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_identity_7.10.0.sql b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_identity_7.10.0.sql new file mode 100644 index 0000000000..35cb979781 --- /dev/null +++ b/kubernetes/so/components/so-mariadb/resources/config/docker-entrypoint-initdb.d/db-sql-scripts/mariadb_identity_7.10.0.sql @@ -0,0 +1,105 @@ +-- +-- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com) +-- +-- Licensed under the Apache License, Version 2.0 (the "License"); +-- you may not use this file except in compliance with the License. +-- You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. +-- + +use camundabpmn; + +create table ACT_ID_GROUP ( + ID_ varchar(64), + REV_ integer, + NAME_ varchar(255), + TYPE_ varchar(255), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create table ACT_ID_MEMBERSHIP ( + USER_ID_ varchar(64), + GROUP_ID_ varchar(64), + primary key (USER_ID_, GROUP_ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create table ACT_ID_USER ( + ID_ varchar(64), + REV_ integer, + FIRST_ varchar(255), + LAST_ varchar(255), + EMAIL_ varchar(255), + PWD_ varchar(255), + SALT_ varchar(255), + LOCK_EXP_TIME_ timestamp(3) NULL, + ATTEMPTS_ integer, + PICTURE_ID_ varchar(64), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create table ACT_ID_INFO ( + ID_ varchar(64), + REV_ integer, + USER_ID_ varchar(64), + TYPE_ varchar(64), + KEY_ varchar(255), + VALUE_ varchar(255), + PASSWORD_ LONGBLOB, + PARENT_ID_ varchar(255), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create table ACT_ID_TENANT ( + ID_ varchar(64), + REV_ integer, + NAME_ varchar(255), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +create table ACT_ID_TENANT_MEMBER ( + ID_ varchar(64) not null, + TENANT_ID_ varchar(64) not null, + USER_ID_ varchar(64), + GROUP_ID_ varchar(64), + primary key (ID_) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin; + +alter table ACT_ID_MEMBERSHIP + add constraint ACT_FK_MEMB_GROUP + foreign key (GROUP_ID_) + references ACT_ID_GROUP (ID_); + +alter table ACT_ID_MEMBERSHIP + add constraint ACT_FK_MEMB_USER + foreign key (USER_ID_) + references ACT_ID_USER (ID_); + +alter table ACT_ID_TENANT_MEMBER + add constraint ACT_UNIQ_TENANT_MEMB_USER + unique (TENANT_ID_, USER_ID_); + +alter table ACT_ID_TENANT_MEMBER + add constraint ACT_UNIQ_TENANT_MEMB_GROUP + unique (TENANT_ID_, GROUP_ID_); + +alter table ACT_ID_TENANT_MEMBER + add constraint ACT_FK_TENANT_MEMB + foreign key (TENANT_ID_) + references ACT_ID_TENANT (ID_); + +alter table ACT_ID_TENANT_MEMBER + add constraint ACT_FK_TENANT_MEMB_USER + foreign key (USER_ID_) + references ACT_ID_USER (ID_); + +alter table ACT_ID_TENANT_MEMBER + add constraint ACT_FK_TENANT_MEMB_GROUP + foreign key (GROUP_ID_) + references ACT_ID_GROUP (ID_); diff --git a/kubernetes/so/components/so-mariadb/templates/configmap.yaml b/kubernetes/so/components/so-mariadb/templates/configmap.yaml new file mode 100644 index 0000000000..842e562fd7 --- /dev/null +++ b/kubernetes/so/components/so-mariadb/templates/configmap.yaml @@ -0,0 +1,39 @@ +# Copyright 2018 © Samsung Electronics Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-mariadb-sh + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/docker-entrypoint-initdb.d/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-mariadb-sql + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/docker-entrypoint-initdb.d/db-sql-scripts/*").AsConfig . | indent 2 }} diff --git a/kubernetes/so/components/so-mariadb/templates/job.yaml b/kubernetes/so/components/so-mariadb/templates/job.yaml new file mode 100644 index 0000000000..f24ec25c47 --- /dev/null +++ b/kubernetes/so/components/so-mariadb/templates/job.yaml @@ -0,0 +1,202 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if .Values.global.migration.enabled }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-backup + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} + annotations: + "helm.sh/hook": pre-upgrade,pre-install + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": before-hook-creation +spec: + backoffLimit: 20 + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + name: {{ include "common.name" . }} + spec: + containers: + - name: {{ include "common.fullname" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: DB_HOST + value: {{ .Values.global.migration.dbHost }} + - name: DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-backup-creds" "key" "login") | indent 10 }} + - name: DB_PORT + value: "{{ .Values.global.migration.dbPort }}" + - name: DB_PASS + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-backup-creds" "key" "password") | indent 10 }} + command: + - /bin/bash + - -c + - mysqldump -vv --user=${DB_USER} --password=${DB_PASS} --host=${DB_HOST} --port=${DB_PORT} --databases --single-transaction --quick --lock-tables=false catalogdb requestdb nfvo > /var/data/mariadb/backup-`date +%s`.sql + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - name: backup-storage + mountPath: /var/data/mariadb + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: backup-storage + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }}-migration + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" + restartPolicy: Never +--- +{{- end }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-config-job + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} + annotations: + "helm.sh/hook": post-upgrade,post-rollback,post-install + "helm.sh/hook-weight": "0" + "helm.sh/hook-delete-policy": before-hook-creation +spec: + backoffLimit: 20 + template: + metadata: + labels: + app: {{ include "common.name" . }}-job + release: {{ include "common.release" . }} + name: {{ include "common.name" . }} + spec: + initContainers: + - name: {{ include "common.name" . }}-readiness + command: + - /app/ready.py + args: + - --container-name + - {{ .Values.global.mariadbGalera.nameOverride }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/bash + - -c + - > + mysql() { /usr/bin/mysql -h ${DB_HOST} -P ${DB_PORT} "$@"; }; + export -f mysql; + mysql --user=root --password=${MYSQL_ROOT_PASSWORD} requestdb -e exit > /dev/null 2>&1 {{ if not .Values.global.migration.enabled }} && echo "Database already initialized!!!" && exit 0 {{ end }}; + for f in /docker-entrypoint-initdb.d/*; do case "$f" in *.sh) echo "$0: running $f"; . "$f" ;; *.sql) echo "$0: running $f"; "${mysql[@]}" < "$f"; echo ;; *.sql.gz) echo "$0: running $f"; gunzip -c "$f" | "${mysql[@]}"; echo ;; *) echo "$0: ignoring $f" ;; esac; echo; done; + {{- if .Values.global.migration.enabled }} + mysql -vv --user=root --password=${MYSQL_ROOT_PASSWORD} < `ls -tr /var/data/mariadb/* | tail -1`; + {{- end }} + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-so-db-secrets + key: mariadb.readwrite.host + - name: DB_PORT + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-so-db-secrets + key: mariadb.readwrite.port + - name: MYSQL_ROOT_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 10 }} + - name: DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} + - name: DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} + - name: DB_ADMIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} + - name: DB_ADMIN_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} + - name: CAMUNDA_DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "camunda-db-creds" "key" "login") | indent 10 }} + - name: CAMUNDA_DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "camunda-db-creds" "key" "password") | indent 10 }} + - name: REQUEST_DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "request-db-creds" "key" "login") | indent 10 }} + - name: REQUEST_DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "request-db-creds" "key" "password") | indent 10 }} + - name: CATALOG_DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "catalog-db-creds" "key" "login") | indent 10 }} + - name: CATALOG_DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "catalog-db-creds" "key" "password") | indent 10 }} + - name: NFVO_DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nfvo-db-creds" "key" "login") | indent 10 }} + - name: NFVO_DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nfvo-db-creds" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - name: docker-entrypoint-initdb-d-sh + mountPath: "/docker-entrypoint-initdb.d" + - name: docker-entrypoint-initdb-d-sql + mountPath: "/docker-entrypoint-initdb.d/db-sql-scripts" + {{- if .Values.global.migration.enabled }} + - name: backup-storage + mountPath: /var/data/mariadb + {{- end }} + resources: +{{ include "common.resources" . | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: docker-entrypoint-initdb-d-sh + configMap: + name: {{ include "common.fullname" . }}-mariadb-sh + - name: docker-entrypoint-initdb-d-sql + configMap: + name: {{ include "common.fullname" . }}-mariadb-sql + {{- if .Values.global.migration.enabled }} + - name: backup-storage + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }}-migration + {{- end }} + restartPolicy: Never + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/components/so-mariadb/templates/pv.yaml b/kubernetes/so/components/so-mariadb/templates/pv.yaml new file mode 100644 index 0000000000..7d81805cda --- /dev/null +++ b/kubernetes/so/components/so-mariadb/templates/pv.yaml @@ -0,0 +1,42 @@ +{{/* +# Copyright ▒ 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if .Values.global.migration.enabled }} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }}-migration + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: {{ include "common.release" . }} + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }}-migration + annotations: + "helm.sh/hook": pre-upgrade,pre-install + "helm.sh/hook-weight": "0" + "helm.sh/hook-delete-policy": before-hook-creation +spec: + capacity: + storage: {{ .Values.persistence.size}} + accessModes: + - {{ .Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + storageClassName: "{{ include "common.fullname" . }}-data" + hostPath: + path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }} +{{- end }} diff --git a/kubernetes/so/components/so-mariadb/templates/pvc.yaml b/kubernetes/so/components/so-mariadb/templates/pvc.yaml new file mode 100644 index 0000000000..ad10f18f16 --- /dev/null +++ b/kubernetes/so/components/so-mariadb/templates/pvc.yaml @@ -0,0 +1,42 @@ +{{/* +# Copyright ▒ 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if .Values.global.migration.enabled }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }}-migration + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ include "common.release" . }}" + heritage: "{{ .Release.Service }}" + annotations: + "helm.sh/hook": pre-upgrade,pre-install + "helm.sh/hook-weight": "-1" + "helm.sh/hook-delete-policy": before-hook-creation +{{- if .Values.persistence.annotations }} +{{ toYaml .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: + accessModes: + - {{ .Values.persistence.accessMode }} + resources: + requests: + storage: {{ .Values.persistence.size }} + storageClassName: {{ include "common.storageClass" . }} +{{- end }} diff --git a/kubernetes/so/components/so-mariadb/templates/secrets.yaml b/kubernetes/so/components/so-mariadb/templates/secrets.yaml new file mode 100644 index 0000000000..7c7d4f9fe5 --- /dev/null +++ b/kubernetes/so/components/so-mariadb/templates/secrets.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/components/so-mariadb/values.yaml b/kubernetes/so/components/so-mariadb/values.yaml new file mode 100755 index 0000000000..9ecf3b0ca6 --- /dev/null +++ b/kubernetes/so/components/so-mariadb/values.yaml @@ -0,0 +1,178 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# Default values for mariadb. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + nodePortPrefixExt: 304 + repository: nexus3.onap.org:10001 + readinessImage: onap/oom/readiness:3.0.1 + ubuntuInitRepository: registry.hub.docker.com + mariadbGalera: + nameOverride: mariadb-galera + serviceName: mariadb-galera + servicePort: "3306" + migration: + enabled: false + dbHost: mariadb-galera + dbPort: 3306 + dbUser: root + dbPassword: secretpassword +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-root-pass + name: '{{ include "common.release" . }}-so-mariadb-root-pass' + type: password + externalSecret: '{{ tpl (default "" .Values.db.rootPasswordExternalSecret) . }}' + password: '{{ .Values.db.rootPassword }}' + passwordPolicy: required + - uid: db-backup-creds + name: '{{ include "common.release" . }}-so-mariadb-backup-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.backupCredsExternalSecret) . }}' + login: '{{ .Values.db.backupUser }}' + password: '{{ .Values.db.backupPassword }}' + passwordPolicy: required + annotations: + helm.sh/hook: pre-upgrade,pre-install + helm.sh/hook-weight: "0" + helm.sh/hook-delete-policy: before-hook-creation + - uid: db-user-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + - uid: db-admin-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + - uid: camunda-db-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.camunda.dbCredsExternalSecret) . }}' + login: '{{ .Values.db.camunda.userName }}' + password: '{{ .Values.db.camunda.password }}' + - uid: request-db-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.request.dbCredsExternalSecret) . }}' + login: '{{ .Values.db.request.userName }}' + password: '{{ .Values.db.request.password }}' + - uid: catalog-db-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.catalog.dbCredsExternalSecret) . }}' + login: '{{ .Values.db.catalog.userName }}' + password: '{{ .Values.db.catalog.password }}' + - uid: nfvo-db-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.nfvo.dbCredsExternalSecret) . }}' + login: '{{ .Values.db.nfvo.userName }}' + password: '{{ .Values.db.nfvo.password }}' + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: mariadb:10.1.38 +pullPolicy: Always +ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + +# db config +db: + rootPassword: secretpassword + # rootPasswordExternalSecret: some secret + backupPassword: secretpassword + backupUser: root + # backupCredsExternalSecret: some secret + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret + camunda: + userName: camundauser + password: camunda123 + # dbCredsExternalSecret: some secret + request: + userName: requestuser + password: request123 + # dbCredsExternalSecret: some secret + catalog: + userName: cataloguser + password: catalog123 + # dbCredsExternalSecret: some secret + nfvo: + userName: nfvouser + # dbCredsExternalSecret: some secret + +# application configuration +config: + # gerrit branch where the latest heat code is checked in + gerritBranch: master + # gerrit project where the latest heat code is checked in + gerritProject: http://gerrit.onap.org/r/so/docker-config.git +# default number of instances +nodeSelector: {} +affinity: {} + +ingress: + enabled: false + +# Resource Limit flavor +flavor: small + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 2Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 2 + memory: 4Gi + unlimited: {} + +persistence: + enabled: true + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + volumeReclaimPolicy: Retain + ## database data Persistent Volume Storage Class + ## If defined, storageClassName: <storageClass> + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + accessMode: ReadWriteMany + size: 2Gi + + mountPath: /dockerdata-nfs + mountSubPath: so/migration diff --git a/kubernetes/so/components/so-monitoring/Chart.yaml b/kubernetes/so/components/so-monitoring/Chart.yaml new file mode 100644 index 0000000000..ede67ab54f --- /dev/null +++ b/kubernetes/so/components/so-monitoring/Chart.yaml @@ -0,0 +1,22 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +# @author: gareth.roper@ericsson.com +apiVersion: v1 +description: A Helm chart for ONAP Service Orchestration Monitoring +name: so-monitoring +version: 6.0.0
\ No newline at end of file diff --git a/kubernetes/so/components/so-monitoring/requirements.yaml b/kubernetes/so/components/so-monitoring/requirements.yaml new file mode 100755 index 0000000000..2eb32d00ed --- /dev/null +++ b/kubernetes/so/components/so-monitoring/requirements.yaml @@ -0,0 +1,20 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' diff --git a/kubernetes/so/components/so-monitoring/resources/config/overrides/override.yaml b/kubernetes/so/components/so-monitoring/resources/config/overrides/override.yaml new file mode 100644 index 0000000000..c2e6ad06f3 --- /dev/null +++ b/kubernetes/so/components/so-monitoring/resources/config/overrides/override.yaml @@ -0,0 +1,17 @@ +server: + port: {{ index .Values.containerPort }} + tomcat: + max-threads: 50 +ssl-enable: false +camunda: + rest: + api: + url: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine/engine/ + engine: default + auth: Basic YXBpaEJwbW46cGFzc3dvcmQxJA== +mso: + database: + rest: + api: + url: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/infraActiveRequests/ + auth: Basic YnBlbDpwYXNzd29yZDEk diff --git a/kubernetes/so/components/so-monitoring/templates/configmap.yaml b/kubernetes/so/components/so-monitoring/templates/configmap.yaml new file mode 100644 index 0000000000..a6d8b469f8 --- /dev/null +++ b/kubernetes/so/components/so-monitoring/templates/configmap.yaml @@ -0,0 +1,44 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +# @author: gareth.roper@ericsson.com +apiVersion: v1 +data: + LOG_PATH: {{ index .Values.logPath }} + APP: {{ index .Values.app }} +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-app-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} diff --git a/kubernetes/so/components/so-monitoring/templates/deployment.yaml b/kubernetes/so/components/so-monitoring/templates/deployment.yaml new file mode 100644 index 0000000000..f5969738f6 --- /dev/null +++ b/kubernetes/so/components/so-monitoring/templates/deployment.yaml @@ -0,0 +1,111 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +# @author: gareth.roper@ericsson.com +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} +spec: + selector: + matchLabels: + app: {{ include "common.name" . }} + replicas: {{ index .Values.replicaCount }} + minReadySeconds: {{ index .Values.minReadySeconds }} + strategy: + type: {{ index .Values.updateStrategy.type }} + rollingUpdate: + maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ index .Values.updateStrategy.maxSurge }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + spec: + initContainers: + - name: so-chown + image: alpine:3.6 + volumeMounts: + - name: logs + mountPath: /app/logs + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /app/logs"] + restartPolicy: Always + containers: + - name: {{ include "common.name" . }} + image: {{ include "common.repository" . }}/{{ .Values.image }} + resources: {{ include "common.resources" . | nindent 12 }} + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-so-db-secrets + key: mariadb.readwrite.host + - name: DB_PORT + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-so-db-secrets + key: mariadb.readwrite.port + - name: DB_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} + - name: DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} + - name: DB_ADMIN_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} + - name: DB_ADMIN_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} + envFrom: + - configMapRef: + name: {{ include "common.fullname" . }}-configmap + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: logs + mountPath: /app/logs + - name: config + mountPath: /app/config + readOnly: true + readinessProbe: + tcpSocket: + port: {{ index .Values.readinessProbe.port }} + initialDelaySeconds: {{ index .Values.readinessProbe.initialDelaySeconds}} + periodSeconds: {{ index .Values.readinessProbe.periodSeconds}} + livenessProbe: + tcpSocket: + port: {{ index .Values.livenessProbe.port }} + initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} + periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} + successThreshold: {{ index .Values.livenessProbe.successThreshold}} + failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} + + ports: + - containerPort: {{ index .Values.containerPort }} + name: {{ .Values.service.portName }} + protocol: TCP + volumes: + - name: logs + emptyDir: {} + - name: config + configMap: + name: {{ include "common.fullname" . }}-app-configmap + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/components/so-monitoring/templates/ingress.yaml b/kubernetes/so/components/so-monitoring/templates/ingress.yaml new file mode 100644 index 0000000000..8f87c68f1e --- /dev/null +++ b/kubernetes/so/components/so-monitoring/templates/ingress.yaml @@ -0,0 +1 @@ +{{ include "common.ingress" . }} diff --git a/kubernetes/so/components/so-monitoring/templates/secret.yaml b/kubernetes/so/components/so-monitoring/templates/secret.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/so/components/so-monitoring/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/components/so-monitoring/templates/service.yaml b/kubernetes/so/components/so-monitoring/templates/service.yaml new file mode 100644 index 0000000000..c4c2ae9d13 --- /dev/null +++ b/kubernetes/so/components/so-monitoring/templates/service.yaml @@ -0,0 +1,45 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +# @author: gareth.roper@ericsson.com +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + + diff --git a/kubernetes/so/components/so-monitoring/values.yaml b/kubernetes/so/components/so-monitoring/values.yaml new file mode 100644 index 0000000000..e746baf1bb --- /dev/null +++ b/kubernetes/so/components/so-monitoring/values.yaml @@ -0,0 +1,134 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# Copyright (C) 2020 Huawei +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +# @author: gareth.roper@ericsson.com +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + nodePortPrefixExt: 304 + repository: nexus3.onap.org:10001 + readinessImage: onap/oom/readiness:3.0.1 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 + envsubstImage: dibi/envsubst + persistence: + mountPath: /dockerdata-nfs + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-user-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' + +################################################################# +# AAF part +################################################################# +soHelpers: + nameOverride: so-monitoring-cert-init + certInitializer: + nameOverride: so-monitoring-cert-init + credsPath: /opt/app/osaaf/local + +################################################################# +# Application configuration defaults. +################################################################# +repository: nexus3.onap.org:10001 +image: onap/so/so-monitoring:1.6.4 +pullPolicy: Always + +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret + +replicaCount: 1 +minReadySeconds: 10 +containerPort: 9091 +logPath: app/logs/ +app: so-monitoring +service: +#Since this is a feature for monitoring the service type is changed to internal, users can change it to NodePort on need basis... + type: ClusterIP + nodePort: 24 + internalPort: 9091 + externalPort: 9091 + portName: so-monitor-port +updateStrategy: + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 +# Resource Limit flavor -By Default using small +flavor: small +#Segregation for different environment (Small or large) +resources: + small: + requests: + memory: 1Gi + cpu: 10m + limits: + memory: 4Gi + cpu: 1 + large: + requests: + memory: 2Gi + cpu: 20m + limits: + memory: 8Gi + cpu: 2 +readinessProbe: + port: 9091 + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 10 +livenessProbe: + port: 9091 + initialDelaySeconds: 40 + periodSeconds: 10 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 +ingress: + enabled: false + service: + - baseaddr: "somonitoring" + name: "so-monitoring" + port: 9091 + config: + ssl: "none" +nodeSelector: {} +tolerations: [] +affinity: {} diff --git a/kubernetes/so/components/so-nssmf-adapter/Chart.yaml b/kubernetes/so/components/so-nssmf-adapter/Chart.yaml new file mode 100755 index 0000000000..b3311d1c8c --- /dev/null +++ b/kubernetes/so/components/so-nssmf-adapter/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart for Kubernetes +name: so-nssmf-adapter +version: 6.0.0
\ No newline at end of file diff --git a/kubernetes/so/components/so-nssmf-adapter/requirements.yaml b/kubernetes/so/components/so-nssmf-adapter/requirements.yaml new file mode 100755 index 0000000000..1feea23842 --- /dev/null +++ b/kubernetes/so/components/so-nssmf-adapter/requirements.yaml @@ -0,0 +1,23 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/components/so-nssmf-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-nssmf-adapter/resources/config/overrides/override.yaml new file mode 100755 index 0000000000..d1158a0898 --- /dev/null +++ b/kubernetes/so/components/so-nssmf-adapter/resources/config/overrides/override.yaml @@ -0,0 +1,66 @@ +# Copyright © 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +aai: + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}} + endpoint: https://aai.{{ include "common.namespace" . }}:8443 +logging: + path: logs +spring: + datasource: + jdbc-url: jdbc:mariadb://${DB_HOST}:${DB_PORT}/requestdb + username: ${DB_USERNAME} + password: ${DB_PASSWORD} + driver-class-name: org.mariadb.jdbc.Driver + jpa: + show-sql: false + hibernate: + dialect: org.hibernate.dialect.MySQL5Dialect + ddl-auto: validate + naming-strategy: org.hibernate.cfg.ImprovedNamingStrategy + enable-lazy-load-no-trans: true + security: + usercredentials: + - username: ${BPEL_USERNAME} + password: ${BPEL_PASSWORD} + role: BPEL-Client + - username: ${ACTUATOR_USERNAME} + password: ${ACTUATOR_PASSWORD} + role: ACTUATOR +server: + port: {{ index .Values.containerPort }} + tomcat: + max-threads: 50 + +mso: + site-name: localSite + logPath: ./logs/nssmf + msb-ip: msb-iag.{{ include "common.namespace" . }} + msb-port: 80 + adapters: + requestDb: + endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083 + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} +#Actuator +management: + endpoints: + web: + base-path: /manage + exposure: + include: "*" + metrics: + se-global-registry: false + export: + prometheus: + enabled: true # Whether exporting of metrics to Prometheus is enabled. + step: 1m # Step size (i.e. reporting frequency) to use. diff --git a/kubernetes/so/components/so-nssmf-adapter/templates/configmap.yaml b/kubernetes/so/components/so-nssmf-adapter/templates/configmap.yaml new file mode 100755 index 0000000000..811da004ee --- /dev/null +++ b/kubernetes/so/components/so-nssmf-adapter/templates/configmap.yaml @@ -0,0 +1,26 @@ +# Copyright © 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ConfigMap +metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "env") | nindent 2 }} +data: + LOG_PATH: {{ index .Values.logPath }} + APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} +--- +apiVersion: v1 +kind: ConfigMap +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +data: +{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} diff --git a/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml b/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml new file mode 100755 index 0000000000..d07f58e84e --- /dev/null +++ b/kubernetes/so/components/so-nssmf-adapter/templates/deployment.yaml @@ -0,0 +1,126 @@ +# Copyright © 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ index .Values.replicaCount }} + minReadySeconds: {{ index .Values.minReadySeconds }} + strategy: + type: {{ index .Values.updateStrategy.type }} + rollingUpdate: + maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ index .Values.updateStrategy.maxSurge }} + template: + metadata: + labels: {{- include "common.labels" . | nindent 8 }} + spec: + initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }} + - name: {{ include "common.name" . }}-readiness + command: + - /app/ready.py + args: + - --job-name + - {{ include "common.release" . }}-so-mariadb-config-job + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + containers: + - name: {{ include "common.name" . }} + command: + - sh + args: + - -c + - | + export BPEL_PASSWORD=`htpasswd -bnBC 10 "" $BPEL_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'` + export ACTUATOR_PASSWORD=`htpasswd -bnBC 10 "" $ACTUATOR_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'` + {{- if .Values.global.aafEnabled }} + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password}" + {{- end }} + {{- end }} + ./start-app.sh + image: {{ include "common.repository" . }}/{{ .Values.image }} + resources: {{ include "common.resources" . | nindent 12 }} + ports: {{- include "common.containerPorts" . | nindent 12 }} + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-so-db-secrets + key: mariadb.readwrite.host + - name: DB_PORT + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-so-db-secrets + key: mariadb.readwrite.port + - name: DB_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 14 }} + - name: DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 14 }} + - name: DB_ADMIN_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 14 }} + - name: DB_ADMIN_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 14 }} + - name: BPEL_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-bpel-creds" "key" "login") | indent 14 }} + - name: BPEL_PASSWORD_INPUT + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-bpel-creds" "key" "password") | indent 14 }} + - name: ACTUATOR_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 14 }} + - name: ACTUATOR_PASSWORD_INPUT + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 14 }} + {{ include "so.certificates.env" . | indent 8 | trim }} + envFrom: + - configMapRef: + name: {{ include "common.fullname" . }}-env + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }} + - name: logs + mountPath: /app/logs + - name: config + mountPath: /app/config + readOnly: true + - name: {{ include "common.fullname" . }}-truststore + mountPath: /app/client + readOnly: true + livenessProbe: + httpGet: + path: {{ index .Values.livenessProbe.path}} + port: {{ index .Values.containerPort }} + scheme: {{ index .Values.livenessProbe.scheme}} + initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} + periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} + timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}} + successThreshold: {{ index .Values.livenessProbe.successThreshold}} + failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} + volumes: {{ include "so.certificate.volumes" . | nindent 8 }} + - name: logs + emptyDir: {} + - name: config + configMap: + name: {{ include "common.fullname" . }} + - name: {{ include "common.fullname" . }}-truststore + secret: + secretName: {{ include "common.release" . }}-so-truststore-secret + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/components/so-nssmf-adapter/templates/secret.yaml b/kubernetes/so/components/so-nssmf-adapter/templates/secret.yaml new file mode 100644 index 0000000000..a39363ffdd --- /dev/null +++ b/kubernetes/so/components/so-nssmf-adapter/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/components/so-nssmf-adapter/templates/service.yaml b/kubernetes/so/components/so-nssmf-adapter/templates/service.yaml new file mode 100755 index 0000000000..cf08482ad2 --- /dev/null +++ b/kubernetes/so/components/so-nssmf-adapter/templates/service.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }} diff --git a/kubernetes/so/components/so-nssmf-adapter/values.yaml b/kubernetes/so/components/so-nssmf-adapter/values.yaml new file mode 100755 index 0000000000..3bfe1b212f --- /dev/null +++ b/kubernetes/so/components/so-nssmf-adapter/values.yaml @@ -0,0 +1,154 @@ +# Copyright © 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + nodePortPrefixExt: 304 + repository: nexus3.onap.org:10001 + readinessImage: onap/oom/readiness:3.0.1 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 + envsubstImage: dibi/envsubst + persistence: + mountPath: /dockerdata-nfs + security: + aaf: + enabled: false + aaf: + auth: + header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-user-creds + name: '{{ include "common.release" . }}-so-bpmn-infra-db-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + name: '{{ include "common.release" . }}-so-bpmn-infra-db-admin-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required + - uid: server-bpel-creds + name: '{{ include "common.release" . }}-so-server-bpel-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.server.bpelCredsExternalSecret) . }}' + login: '{{ .Values.server.bpel.username }}' + password: '{{ .Values.server.bpel.password }}' + passwordPolicy: required + - uid: server-actuator-creds + name: '{{ include "common.release" . }}-so-server-actuator-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}' + login: '{{ .Values.server.actuator.username }}' + password: '{{ .Values.server.actuator.password }}' + passwordPolicy: required + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' + +################################################################# +# Application configuration defaults. +################################################################# +repository: nexus3.onap.org:10001 +image: onap/so/nssmf-adapter:1.6.4 +pullPolicy: Always + +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret +server: + actuator: + username: mso_admin + password: password1$ + bpel: + username: bpel + password: password1$ +aai: + auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 +mso: + adapters: + requestDb: + auth: Basic YnBlbDpwYXNzd29yZDEk + +replicaCount: 1 +minReadySeconds: 10 +containerPort: &containerPort 8088 +logPath: ./logs/nssmf/ +app: nssmf-adapter +service: + type: ClusterIP + ports: + - name: api + port: *containerPort +updateStrategy: + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 + +soHelpers: + nameOverride: so-nssmf-cert-init + certInitializer: + nameOverride: so-nssmf-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.nssmfAdapterPerm + containerPort: *containerPort + +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + memory: 4Gi + cpu: 2000m + requests: + memory: 1Gi + cpu: 500m + large: + limits: + memory: 8Gi + cpu: 4000m + requests: + memory: 2Gi + cpu: 1000m + unlimited: {} +livenessProbe: + path: /manage/health + port: 8088 + scheme: HTTP + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 +ingress: + enabled: false +nodeSelector: {} +tolerations: [] +affinity: {} diff --git a/kubernetes/so/components/so-oof-adapter/Chart.yaml b/kubernetes/so/components/so-oof-adapter/Chart.yaml new file mode 100755 index 0000000000..cce161a8cd --- /dev/null +++ b/kubernetes/so/components/so-oof-adapter/Chart.yaml @@ -0,0 +1,19 @@ +# Copyright © 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart for Kubernetes +name: so-oof-adapter +version: 6.0.0 diff --git a/kubernetes/so/components/so-oof-adapter/requirements.yaml b/kubernetes/so/components/so-oof-adapter/requirements.yaml new file mode 100644 index 0000000000..036860d012 --- /dev/null +++ b/kubernetes/so/components/so-oof-adapter/requirements.yaml @@ -0,0 +1,24 @@ +# Copyright © 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/components/so-oof-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-oof-adapter/resources/config/overrides/override.yaml new file mode 100755 index 0000000000..9aafd4f322 --- /dev/null +++ b/kubernetes/so/components/so-oof-adapter/resources/config/overrides/override.yaml @@ -0,0 +1,58 @@ +{{/* +# Copyright © 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +logging: + path: logs +spring: + security: + usercredentials: + - username: ${BPEL_USERNAME} + password: ${BPEL_PASSWORD} + role: BPEL-Client + - username: ${ACTUATOR_USERNAME} + password: ${ACTUATOR_PASSWORD} + role: ACTUATOR +server: + port: {{ index .Values.containerPort }} + tomcat: + max-threads: 50 + +mso: + site-name: localSite + logPath: ./logs/oof + msb-ip: msb-iag.{{ include "common.namespace" . }} + msb-port: 80 + msoKey: ${MSO_KEY} + camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081 + camundaAuth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.camundaAuth )}} + workflow: + message: + endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage + oof: + auth: ${OOF_LOGIN}:${OOF_PASSWORD} + endpoint: https://oof-osdf.{{ include "common.namespace" . }}:8698 +#Actuator +management: + endpoints: + web: + base-path: /manage + exposure: + include: "*" + metrics: + se-global-registry: false + export: + prometheus: + enabled: true # Whether exporting of metrics to Prometheus is enabled. + step: 1m # Step size (i.e. reporting frequency) to use. diff --git a/kubernetes/so/components/so-oof-adapter/templates/configmap.yaml b/kubernetes/so/components/so-oof-adapter/templates/configmap.yaml new file mode 100755 index 0000000000..da5fda9c42 --- /dev/null +++ b/kubernetes/so/components/so-oof-adapter/templates/configmap.yaml @@ -0,0 +1,50 @@ +{{/* +# Copyright © 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: + LOG_PATH: {{ index .Values.logPath }} + APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-app-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} diff --git a/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml b/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml new file mode 100755 index 0000000000..f2eae394e7 --- /dev/null +++ b/kubernetes/so/components/so-oof-adapter/templates/deployment.yaml @@ -0,0 +1,109 @@ +{{/* +# Copyright © 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ index .Values.replicaCount }} + minReadySeconds: {{ index .Values.minReadySeconds }} + strategy: + type: {{ index .Values.updateStrategy.type }} + rollingUpdate: + maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ index .Values.updateStrategy.maxSurge }} + template: + metadata: + labels: {{- include "common.labels" . | nindent 8 }} + spec: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} + containers: + - name: {{ include "common.name" . }} + image: {{ include "common.repository" . }}/{{ .Values.image }} + resources: +{{ include "common.resources" . | indent 10 }} + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-so-db-secrets + key: mariadb.readwrite.host + - name: DB_PORT + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-so-db-secrets + key: mariadb.readwrite.port + - name: DB_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} + - name: DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} + - name: DB_ADMIN_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} + - name: DB_ADMIN_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} + - name: MSO_KEY + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-adapter-mso-key" "key" "password") | indent 10 }} + - name: OOF_LOGIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-auth" "key" "login") | indent 10 }} + - name: OOF_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-auth" "key" "password") | indent 10 }} + {{ include "so.certificates.env" . | indent 8 | trim }} + envFrom: + - configMapRef: + name: {{ include "common.fullname" . }}-configmap + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} + - name: logs + mountPath: /app/logs + - name: config + mountPath: /app/config + readOnly: true + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap +{{ include "so.helpers.livenessProbe" .| indent 8 }} + ports: {{- include "common.containerPorts" . | nindent 12 }} + # Filebeat sidecar container + - name: {{ include "common.name" . }}-filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-filebeat-conf + mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + - name: {{ include "common.fullname" . }}-data-filebeat + mountPath: /usr/share/filebeat/data + - name: logs + mountPath: /var/log/onap/so + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} + - name: logs + emptyDir: {} + - name: config + configMap: + name: {{ include "common.fullname" . }}-app-configmap + - name: {{ include "common.fullname" . }}-log-conf + configMap: + name: {{ include "common.fullname" . }}-log + - name: {{ include "common.fullname" . }}-filebeat-conf + configMap: + name: {{ .Release.Name }}-so-filebeat-configmap + - name: {{ include "common.fullname" . }}-data-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/components/so-oof-adapter/templates/secret.yaml b/kubernetes/so/components/so-oof-adapter/templates/secret.yaml new file mode 100644 index 0000000000..31e0ab6a16 --- /dev/null +++ b/kubernetes/so/components/so-oof-adapter/templates/secret.yaml @@ -0,0 +1,16 @@ +{{/* +# Copyright © 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/components/so-oof-adapter/templates/service.yaml b/kubernetes/so/components/so-oof-adapter/templates/service.yaml new file mode 100755 index 0000000000..a4df54737c --- /dev/null +++ b/kubernetes/so/components/so-oof-adapter/templates/service.yaml @@ -0,0 +1,16 @@ +{{/* +# Copyright © 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ include "common.service" . }} diff --git a/kubernetes/so/components/so-oof-adapter/values.yaml b/kubernetes/so/components/so-oof-adapter/values.yaml new file mode 100755 index 0000000000..e6b96a6b8f --- /dev/null +++ b/kubernetes/so/components/so-oof-adapter/values.yaml @@ -0,0 +1,143 @@ +# Copyright © 2020 Wipro Limited. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + nodePortPrefixExt: 304 + repository: nexus3.onap.org:10001 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 + envsubstImage: dibi/envsubst + persistence: + mountPath: /dockerdata-nfs + security: + aaf: + enabled: false + aaf: + auth: + header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= +# Secrets metaconfig +################################################################# +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret +secrets: + - uid: db-user-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required + - uid: oof-adapter-mso-key + type: password + externalSecret: '{{ tpl (default "" .Values.mso.msoKeySecret) . }}' + password: '{{ .Values.mso.msoKey }}' + - uid: oof-auth + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.mso.oof.authSecret) . }}' + login: '{{ .Values.mso.oof.login }}' + password: '{{ .Values.mso.oof.password }}' + passwordPolicy: required + + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' + +################################################################# +# Application configuration defaults. +################################################################# +repository: nexus3.onap.org:10001 +image: onap/so/so-oof-adapter:1.7.2 +pullPolicy: Always + +mso: + msoKey: 07a7159d3bf51a0e53be7a8f89699be7 + oof: + login: test + password: testpwd + +replicaCount: 1 +containerPort: &containerPort 8090 +minReadySeconds: 10 +containerPort: *containerPort +logPath: ./logs/oof/ +app: so-oof-adapter +service: + type: ClusterIP + ports: + - name: api + port: *containerPort +updateStrategy: + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 + + +soHelpers: + nameOverride: so-oof-adapter-cert-init + certInitializer: + nameOverride: so-oof-adapter-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.oofadapterPerm + containerPort: *containerPort + +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + memory: 4Gi + cpu: 2000m + requests: + memory: 1Gi + cpu: 500m + large: + limits: + memory: 8Gi + cpu: 4000m + requests: + memory: 2Gi + cpu: 1000m + unlimited: {} +livenessProbe: + path: /manage/health + port: *containerPort + scheme: HTTP + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 +ingress: + enabled: false +nodeSelector: {} +tolerations: [] +affinity: {} diff --git a/kubernetes/so/components/so-openstack-adapter/Chart.yaml b/kubernetes/so/components/so-openstack-adapter/Chart.yaml new file mode 100755 index 0000000000..cf257d3239 --- /dev/null +++ b/kubernetes/so/components/so-openstack-adapter/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart for Kubernetes +name: so-openstack-adapter +version: 6.0.0
\ No newline at end of file diff --git a/kubernetes/so/components/so-openstack-adapter/requirements.yaml b/kubernetes/so/components/so-openstack-adapter/requirements.yaml new file mode 100755 index 0000000000..1feea23842 --- /dev/null +++ b/kubernetes/so/components/so-openstack-adapter/requirements.yaml @@ -0,0 +1,23 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml new file mode 100755 index 0000000000..bc556c5d47 --- /dev/null +++ b/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml @@ -0,0 +1,128 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +aai: + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}} + endpoint: https://aai.{{ include "common.namespace" . }}:8443 +server: + port: {{ index .Values.containerPort }} +spring: + datasource: + hikari: + jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/catalogdb + username: ${DB_USERNAME} + password: ${DB_PASSWORD} + driver-class-name: org.mariadb.jdbc.Driver + pool-name: catdb-pool + registerMbeans: false + security: + usercredentials: + - + username: sdnc + password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' + role: SDNC-Client + - + username: sitecontrol + password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' + role: SiteControl-Client + - + username: bpel + password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' + role: BPEL-Client + - + username: sniro + password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' + role: SNIRO-Client + - + username: apih + password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' + role: MSO-Client + - + username: mso_admin + password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' + role: ACTUATOR +org: + onap: + so: + adapters: + default_keystone_url_version: /v2.0 + default_keystone_reg_ex: "/[vV][0-9]" + vnf: + bpelauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}} + checkRequiredParameters: true + addGetFilesOnVolumeReq: false + sockettimeout: 30 + connecttimeout: 30 + retrycount: 5 + retryinterval: -15 + retrylist: 408,429,500,502,503,504,900 + valet_enabled: false + fail_requests_on_valet_failure: false + network: + bpelauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}} + sockettimeout: 5 + connecttimeout: 5 + retrycount: 5 + retryinterval: -15 + retrylist: 408,429,500,502,503,504,900 + encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7 + tenant: + default_keystone_url_version: /v2.0 + default_keystone_reg_ex: "/[vV][0-9]" + default_tenant_description: Tenant + default_region_type: single + default_user_role: admin + default_success_status_string: Success + default_no_regions_status_string: no regions + default_quota_value: 10 + set_default_quota: false +ecomp: + mso: + adapters: + po: + retryCodes: 504 + retryDelay: 5 + retryCount: 3 + pollTimeout: 7500 + pollInterval: 15 +mso: + adapters: + requestDb: + endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}} + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.encrypted "value2" .Values.mso.auth )}} + logPath: ./logs/openstack + msb-ip: msb-iag + msb-port: 443 + msb-scheme: https + workflow: + endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine + msoKey: {{ .Values.mso.msoKey }} + config: + {{ if eq .Values.global.security.aaf.enabled true }} + cadi: {{ include "so.cadi.keys" . | nindent 8}} + {{- else }} + cadi: + aafId: {{ .Values.mso.basicUser }} + {{- end }} + catalog: + db: + spring: + endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 + db: + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}} + site-name: localDevEnv + async: + core-pool-size: 50 + max-pool-size: 50 + queue-capacity: 500 diff --git a/kubernetes/so/components/so-openstack-adapter/templates/configmap.yaml b/kubernetes/so/components/so-openstack-adapter/templates/configmap.yaml new file mode 100755 index 0000000000..137fdb7016 --- /dev/null +++ b/kubernetes/so/components/so-openstack-adapter/templates/configmap.yaml @@ -0,0 +1,48 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +data: + LOG_PATH: {{ index .Values.logPath }} + APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-app-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml b/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml new file mode 100755 index 0000000000..de76901865 --- /dev/null +++ b/kubernetes/so/components/so-openstack-adapter/templates/deployment.yaml @@ -0,0 +1,140 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} +spec: + selector: + matchLabels: + app: {{ include "common.name" . }} + replicas: {{ index .Values.replicaCount }} + minReadySeconds: {{ index .Values.minReadySeconds }} + strategy: + type: {{ index .Values.updateStrategy.type }} + rollingUpdate: + maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ index .Values.updateStrategy.maxSurge }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + spec: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} + - command: + - /app/ready.py + args: + - --job-name + - {{ include "common.release" . }}-so-mariadb-config-job + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + containers: + - name: {{ include "common.name" . }} + image: {{ include "common.repository" . }}/{{ .Values.image }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password}" + {{- end }} + /app/start-app.sh + {{- end }} + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-so-db-secrets + key: mariadb.readwrite.host + - name: DB_PORT + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-so-db-secrets + key: mariadb.readwrite.port + - name: DB_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} + - name: DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} + - name: DB_ADMIN_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} + - name: DB_ADMIN_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} + {{ include "so.certificates.env" . | indent 8 | trim }} + envFrom: + - configMapRef: + name: {{ include "common.fullname" . }}-configmap + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} + - name: logs + mountPath: /app/logs + - name: config + mountPath: /app/config + readOnly: true + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap +{{ include "so.helpers.livenessProbe" .| indent 8 }} + ports: + - containerPort: {{ index .Values.containerPort }} + name: {{ .Values.service.portName }} + protocol: TCP + # Filebeat sidecar container + - name: {{ include "common.name" . }}-filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-filebeat-conf + mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + - name: {{ include "common.fullname" . }}-data-filebeat + mountPath: /usr/share/filebeat/data + - name: logs + mountPath: /var/log/onap/so + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} + - name: logs + emptyDir: {} + - name: config + configMap: + name: {{ include "common.fullname" . }}-app-configmap + - name: {{ include "common.fullname" . }}-log-conf + configMap: + name: {{ include "common.fullname" . }}-log + - name: {{ include "common.fullname" . }}-filebeat-conf + configMap: + name: {{ .Release.Name }}-so-filebeat-configmap + - name: {{ include "common.fullname" . }}-data-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/components/so-openstack-adapter/templates/secret.yaml b/kubernetes/so/components/so-openstack-adapter/templates/secret.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/so/components/so-openstack-adapter/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/components/so-openstack-adapter/templates/service.yaml b/kubernetes/so/components/so-openstack-adapter/templates/service.yaml new file mode 100755 index 0000000000..6711c3b2e7 --- /dev/null +++ b/kubernetes/so/components/so-openstack-adapter/templates/service.yaml @@ -0,0 +1,38 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} diff --git a/kubernetes/so/components/so-openstack-adapter/values.yaml b/kubernetes/so/components/so-openstack-adapter/values.yaml new file mode 100755 index 0000000000..16bbac2afd --- /dev/null +++ b/kubernetes/so/components/so-openstack-adapter/values.yaml @@ -0,0 +1,152 @@ +# Copyright © 2018 AT&T USA +# Copyright © 2020 Huawei +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + nodePortPrefixExt: 304 + repository: nexus3.onap.org:10001 + readinessImage: onap/oom/readiness:3.0.1 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 + envsubstImage: dibi/envsubst + persistence: + mountPath: /dockerdata-nfs + security: + aaf: + enabled: false + aaf: + auth: + encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456 + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-user-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' + +################################################################# +# Application configuration defaults. +################################################################# +image: onap/so/openstack-adapter:1.6.4 +pullPolicy: Always +repository: nexus3.onap.org:10001 + +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret + +aai: + auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 +aaf: + auth: + encrypted: 7F182B0C05D58A23A1C4966B9CDC9E0B8BC5CD53BC8C7B4083D869F8D53E9BDC3EFD55C94B1D3F +org: + onap: + so: + adapters: + bpelauth: D1A67FA93B6A6419132D0F83CC771AF774FD3C60853C50C22C8C6FC5088CC79E9E81EDE9EA39F22B2F66A0068E +mso: + msoKey: 07a7159d3bf51a0e53be7a8f89699be7 + basicUser: poBpmn + auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4 + db: + auth: Basic YnBlbDpwYXNzd29yZDEk + +replicaCount: 1 +minReadySeconds: 10 +containerPort: &containerPort 8087 +logPath: ./logs/openstack/ +app: openstack-adapter +service: + type: ClusterIP + internalPort: *containerPort + externalPort: *containerPort + portName: so-optack-port +updateStrategy: + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 + +################################################################# +# soHelper part +################################################################# +soHelpers: + nameOverride: so-openstack-cert-init + certInitializer: + nameOverride: so-openstack-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.openStackAdapterPerm + containerPort: *containerPort + +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + memory: 4Gi + cpu: 2000m + requests: + memory: 1Gi + cpu: 500m + large: + limits: + memory: 8Gi + cpu: 4000m + requests: + memory: 2Gi + cpu: 1000m + unlimited: {} +livenessProbe: + path: /manage/health + port: 8087 + scheme: HTTP + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 +ingress: + enabled: false +config: + openStackUserName: "vnf_user" + openStackRegion: "RegionOne" + openStackKeyStoneUrl: "http://1.2.3.4:5000/v2.0" + openStackServiceTenantName: "service" + openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e" + openStackTenantId: "d570c718cbc545029f40e50b75eb13df" +nodeSelector: {} +tolerations: [] +affinity: {} diff --git a/kubernetes/so/components/so-request-db-adapter/Chart.yaml b/kubernetes/so/components/so-request-db-adapter/Chart.yaml new file mode 100755 index 0000000000..499a8950e6 --- /dev/null +++ b/kubernetes/so/components/so-request-db-adapter/Chart.yaml @@ -0,0 +1,17 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +description: A Helm chart for request-db-adapter +name: so-request-db-adapter +version: 6.0.0
\ No newline at end of file diff --git a/kubernetes/so/components/so-request-db-adapter/requirements.yaml b/kubernetes/so/components/so-request-db-adapter/requirements.yaml new file mode 100755 index 0000000000..1feea23842 --- /dev/null +++ b/kubernetes/so/components/so-request-db-adapter/requirements.yaml @@ -0,0 +1,23 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/components/so-request-db-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-request-db-adapter/resources/config/overrides/override.yaml new file mode 100755 index 0000000000..089d80c774 --- /dev/null +++ b/kubernetes/so/components/so-request-db-adapter/resources/config/overrides/override.yaml @@ -0,0 +1,50 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# will be used as entry in DB to say SITE OFF/ON for healthcheck +server: + port: {{ index .Values.containerPort }} + tomcat: + max-threads: 50 +ssl-enable: false +mso: + logPath: logs + site-name: localSite + config: + cadi: {{- include "so.cadi.keys" . | nindent 8}} + adapters: + requestDb: + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} + endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 +spring: + datasource: + hikari: + jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/requestdb + username: ${DB_USERNAME} + password: ${DB_PASSWORD} + driver-class-name: org.mariadb.jdbc.Driver + pool-name: reqdb-pool + registerMbeans: true + security: + usercredentials: + - + username: bpel + password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' + role: BPEL-Client + - + username: mso_admin + password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' + role: ACTUATOR +#Actuator +management: + context-path: /manage diff --git a/kubernetes/so/components/so-request-db-adapter/templates/configmap.yaml b/kubernetes/so/components/so-request-db-adapter/templates/configmap.yaml new file mode 100755 index 0000000000..d351be32fc --- /dev/null +++ b/kubernetes/so/components/so-request-db-adapter/templates/configmap.yaml @@ -0,0 +1,40 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +data: + LOG_PATH: {{ index .Values.logPath }} + APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-app-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} diff --git a/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml b/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml new file mode 100755 index 0000000000..159d2e7f13 --- /dev/null +++ b/kubernetes/so/components/so-request-db-adapter/templates/deployment.yaml @@ -0,0 +1,114 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} +spec: + selector: + matchLabels: + app: {{ include "common.name" . }} + replicas: {{ index .Values.replicaCount }} + minReadySeconds: {{ index .Values.minReadySeconds }} + strategy: + type: {{ index .Values.updateStrategy.type }} + rollingUpdate: + maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ index .Values.updateStrategy.maxSurge }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + spec: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} + - command: + - /app/ready.py + args: + - --job-name + - {{ include "common.release" . }}-so-mariadb-config-job + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + containers: + - name: {{ include "common.name" . }} + image: {{ include "common.repository" . }}/{{ .Values.image }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password}" + {{- end }} + /app/start-app.sh + {{- end }} + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-so-db-secrets + key: mariadb.readwrite.host + - name: DB_PORT + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-so-db-secrets + key: mariadb.readwrite.port + - name: DB_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} + - name: DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} + - name: DB_ADMIN_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} + - name: DB_ADMIN_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} + {{ include "so.certificates.env" . | indent 8 | trim }} + envFrom: + - configMapRef: + name: {{ include "common.fullname" . }}-configmap + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} + - name: logs + mountPath: /app/logs + - name: config + mountPath: /app/config + readOnly: true +{{ include "so.helpers.livenessProbe" .| indent 8 }} + ports: + - containerPort: {{ index .Values.containerPort }} + name: {{ .Values.service.portName }} + protocol: TCP + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} + - name: logs + emptyDir: {} + - name: config + configMap: + name: {{ include "common.fullname" . }}-app-configmap + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/components/so-request-db-adapter/templates/secret.yaml b/kubernetes/so/components/so-request-db-adapter/templates/secret.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/so/components/so-request-db-adapter/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/components/so-request-db-adapter/templates/service.yaml b/kubernetes/so/components/so-request-db-adapter/templates/service.yaml new file mode 100755 index 0000000000..6711c3b2e7 --- /dev/null +++ b/kubernetes/so/components/so-request-db-adapter/templates/service.yaml @@ -0,0 +1,38 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} diff --git a/kubernetes/so/components/so-request-db-adapter/values.yaml b/kubernetes/so/components/so-request-db-adapter/values.yaml new file mode 100755 index 0000000000..5a3721abbe --- /dev/null +++ b/kubernetes/so/components/so-request-db-adapter/values.yaml @@ -0,0 +1,133 @@ +# Copyright © 2018 AT&T USA +# Copyright © 2020 Huawei +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + nodePortPrefixExt: 304 + repository: nexus3.onap.org:10001 + readinessImage: onap/oom/readiness:3.0.1 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 + envsubstImage: dibi/envsubst + persistence: + mountPath: /dockerdata-nfs + security: + aaf: + enabled: false + aaf: + auth: + header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-user-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' + +################################################################# +# Application configuration defaults. +################################################################# +repository: nexus3.onap.org:10001 +image: onap/so/request-db-adapter:1.6.4 +pullPolicy: Always + +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret + +mso: + adapters: + requestDb: + auth: Basic YnBlbDpwYXNzd29yZDEk + +replicaCount: 1 +minReadySeconds: 10 +containerPort: &containerPort 8083 +logPath: ./logs/reqdb/ +app: request-db-adapter +service: + type: ClusterIP + internalPort: *containerPort + externalPort: *containerPort + portName: so-reqdb-port +updateStrategy: + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 + +################################################################# +# soHelpers part +################################################################# +soHelpers: + nameOverride: so-requestdb-cert-init + certInitializer: + nameOverride: so-requestdb-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.requestDbAdapterPerm + containerPort: *containerPort + +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + memory: 4Gi + cpu: 2000m + requests: + memory: 1Gi + cpu: 500m + large: + limits: + memory: 8Gi + cpu: 4000m + requests: + memory: 2Gi + cpu: 1000m + unlimited: {} +livenessProbe: + path: /manage/health + port: 8083 + scheme: HTTP + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 +ingress: + enabled: false +nodeSelector: {} +tolerations: [] +affinity: {} diff --git a/kubernetes/so/components/so-sdc-controller/Chart.yaml b/kubernetes/so/components/so-sdc-controller/Chart.yaml new file mode 100755 index 0000000000..6151e1beae --- /dev/null +++ b/kubernetes/so/components/so-sdc-controller/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart for Kubernetes +name: so-sdc-controller +version: 6.0.0
\ No newline at end of file diff --git a/kubernetes/so/components/so-sdc-controller/requirements.yaml b/kubernetes/so/components/so-sdc-controller/requirements.yaml new file mode 100755 index 0000000000..1feea23842 --- /dev/null +++ b/kubernetes/so/components/so-sdc-controller/requirements.yaml @@ -0,0 +1,23 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml b/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml new file mode 100755 index 0000000000..8fa49ba3e7 --- /dev/null +++ b/kubernetes/so/components/so-sdc-controller/resources/config/overrides/override.yaml @@ -0,0 +1,92 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +aai: + auth: {{.Values.aai.auth}} +server: + port: {{ index .Values.containerPort }} +spring: + datasource: + hikari: + jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/catalogdb + username: ${DB_USERNAME} + password: ${DB_PASSWORD} + driver-class-name: org.mariadb.jdbc.Driver + pool-name: catdb-pool + registerMbeans: false + security: + usercredentials: + - + username: asdc + password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' + role: Asdc-Client + - + username: mso_admin + password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' + role: ACTUATOR +request: + datasource: + hikari: + jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/requestdb + username: ${DB_USERNAME} + password: ${DB_PASSWORD} + driver-class-name: org.mariadb.jdbc.Driver + pool-name: reqdb-pool + registerMbeans: false +mso: + msoKey: {{ index .Values.mso.msoKey }} + logPath: ./logs/sdc + config: + cadi: {{ include "so.cadi.keys" . | nindent 8}} + catalog: + db: + spring: + endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 + db: + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}} + site-name: onapheat + camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/ + adapters: + requestDb: + endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083 + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}} + aai: + endpoint: https://aai.{{ include "common.namespace" . }}:8443 + asdc-connections: + asdc-controller1: + user: mso + consumerGroup: SO-OpenSource-Env11 + consumerId: SO-COpenSource-Env11 + environmentName: AUTO + asdcAddress: sdc-be.{{ include "common.namespace" . }}:8443 + password: {{ index .Values "mso" "asdc-connections" "asdc-controller1" "password" }} + pollingInterval: 60 + pollingTimeout: 60 + relevantArtifactTypes: HEAT,HEAT_ENV,HEAT_VOL + useHttpsWithDmaap: false + activateServerTLSAuth: false + keyStorePassword: + keyStorePath: + watchDogTimeout: 300 + isFitlerInEmptyResources: true + messageBusAddress: message-router.{{ include "common.namespace" . }},message-router.{{ include "common.namespace" . }} + asdc: + config: + activity: + endpoint: http://sdc-wfd-be:8080 + key: {{ .Values.mso.asdc.config.key }} + components: + count: 3, + componentNames: SO,AAI,SDNC + scheduling: + enabled: false diff --git a/kubernetes/so/components/so-sdc-controller/templates/configmap.yaml b/kubernetes/so/components/so-sdc-controller/templates/configmap.yaml new file mode 100755 index 0000000000..4859112580 --- /dev/null +++ b/kubernetes/so/components/so-sdc-controller/templates/configmap.yaml @@ -0,0 +1,48 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +data: + LOG_PATH: {{ index .Values.logPath }} + APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-app-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} diff --git a/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml new file mode 100755 index 0000000000..de76901865 --- /dev/null +++ b/kubernetes/so/components/so-sdc-controller/templates/deployment.yaml @@ -0,0 +1,140 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} +spec: + selector: + matchLabels: + app: {{ include "common.name" . }} + replicas: {{ index .Values.replicaCount }} + minReadySeconds: {{ index .Values.minReadySeconds }} + strategy: + type: {{ index .Values.updateStrategy.type }} + rollingUpdate: + maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ index .Values.updateStrategy.maxSurge }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + spec: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} + - command: + - /app/ready.py + args: + - --job-name + - {{ include "common.release" . }}-so-mariadb-config-job + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + containers: + - name: {{ include "common.name" . }} + image: {{ include "common.repository" . }}/{{ .Values.image }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password}" + {{- end }} + /app/start-app.sh + {{- end }} + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-so-db-secrets + key: mariadb.readwrite.host + - name: DB_PORT + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-so-db-secrets + key: mariadb.readwrite.port + - name: DB_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} + - name: DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} + - name: DB_ADMIN_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} + - name: DB_ADMIN_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} + {{ include "so.certificates.env" . | indent 8 | trim }} + envFrom: + - configMapRef: + name: {{ include "common.fullname" . }}-configmap + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} + - name: logs + mountPath: /app/logs + - name: config + mountPath: /app/config + readOnly: true + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap +{{ include "so.helpers.livenessProbe" .| indent 8 }} + ports: + - containerPort: {{ index .Values.containerPort }} + name: {{ .Values.service.portName }} + protocol: TCP + # Filebeat sidecar container + - name: {{ include "common.name" . }}-filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-filebeat-conf + mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + - name: {{ include "common.fullname" . }}-data-filebeat + mountPath: /usr/share/filebeat/data + - name: logs + mountPath: /var/log/onap/so + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} + - name: logs + emptyDir: {} + - name: config + configMap: + name: {{ include "common.fullname" . }}-app-configmap + - name: {{ include "common.fullname" . }}-log-conf + configMap: + name: {{ include "common.fullname" . }}-log + - name: {{ include "common.fullname" . }}-filebeat-conf + configMap: + name: {{ .Release.Name }}-so-filebeat-configmap + - name: {{ include "common.fullname" . }}-data-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/components/so-sdc-controller/templates/secret.yaml b/kubernetes/so/components/so-sdc-controller/templates/secret.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/so/components/so-sdc-controller/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/components/so-sdc-controller/templates/service.yaml b/kubernetes/so/components/so-sdc-controller/templates/service.yaml new file mode 100755 index 0000000000..6711c3b2e7 --- /dev/null +++ b/kubernetes/so/components/so-sdc-controller/templates/service.yaml @@ -0,0 +1,38 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} diff --git a/kubernetes/so/components/so-sdc-controller/values.yaml b/kubernetes/so/components/so-sdc-controller/values.yaml new file mode 100755 index 0000000000..24de2c6862 --- /dev/null +++ b/kubernetes/so/components/so-sdc-controller/values.yaml @@ -0,0 +1,141 @@ +# Copyright © 2018 AT&T USA +# Copyright © 2020 Huawei +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + nodePortPrefixExt: 304 + repository: nexus3.onap.org:10001 + readinessImage: onap/oom/readiness:3.0.1 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 + envsubstImage: dibi/envsubst + persistence: + mountPath: /dockerdata-nfs + security: + aaf: + enabled: false + aaf: + auth: + header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-user-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' + +################################################################# +# Application configuration defaults. +################################################################# +repository: nexus3.onap.org:10001 +image: onap/so/sdc-controller:1.6.4 +pullPolicy: Always + +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret + +aai: + auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 +mso: + msoKey: 07a7159d3bf51a0e53be7a8f89699be7 + requestDb: + auth: Basic YnBlbDpwYXNzd29yZDEk + asdc: + config: + key: 566B754875657232314F5548556D3665 + asdc-connections: + asdc-controller1: + password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F + +replicaCount: 1 +minReadySeconds: 10 +containerPort: &containerPort 8085 +logPath: ./logs/sdc/ +app: sdc-controller +service: + type: ClusterIP + internalPort: *containerPort + externalPort: *containerPort + portName: so-sdc-port +updateStrategy: + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 + +################################################################# +# soHelpers part +################################################################# +soHelpers: + nameOverride: so-sdc-cert-init + certInitializer: + nameOverride: so-sdc-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.sdcControllerPerm + containerPort: *containerPort + +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + memory: 4Gi + cpu: 2000m + requests: + memory: 1Gi + cpu: 500m + large: + limits: + memory: 8Gi + cpu: 4000m + requests: + memory: 2Gi + cpu: 1000m + unlimited: {} +livenessProbe: + path: /manage/health + port: 8085 + scheme: HTTP + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 +ingress: + enabled: false +nodeSelector: {} +tolerations: [] +affinity: {} diff --git a/kubernetes/so/components/so-sdnc-adapter/Chart.yaml b/kubernetes/so/components/so-sdnc-adapter/Chart.yaml new file mode 100755 index 0000000000..1ab7a2b0b4 --- /dev/null +++ b/kubernetes/so/components/so-sdnc-adapter/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart for Kubernetes +name: so-sdnc-adapter +version: 6.0.0
\ No newline at end of file diff --git a/kubernetes/so/components/so-sdnc-adapter/requirements.yaml b/kubernetes/so/components/so-sdnc-adapter/requirements.yaml new file mode 100755 index 0000000000..1feea23842 --- /dev/null +++ b/kubernetes/so/components/so-sdnc-adapter/requirements.yaml @@ -0,0 +1,23 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/components/so-sdnc-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-sdnc-adapter/resources/config/overrides/override.yaml new file mode 100755 index 0000000000..3e4e355eba --- /dev/null +++ b/kubernetes/so/components/so-sdnc-adapter/resources/config/overrides/override.yaml @@ -0,0 +1,204 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +server: + port: {{ index .Values.containerPort }} +mso: + async: + core-pool-size: 50 + max-pool-size: 50 + queue-capacity: 500 + logPath: ./logs/sdnc + config: + cadi: {{ include "so.cadi.keys" . | nindent 14}} + catalog: + db: + spring: + endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082 + db: + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} + site-name: onapheat +org: + onap: + so: + adapters: + sdnc: + '.': + put: PUT|60000|sdncurl5| + query: GET|60000|sdncurl2| + restdelete: DELETE|60000|sdncurl5| + '': + brg-topology-operation: + activate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + assign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + create: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + deactivate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + delete: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + unassign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + contrail-route-topology-operation: + activate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + assign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + create: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + deactivate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + delete: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + unassign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + network-topology-operation: + activate: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf + assign: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf + changeassign: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf + changedelete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf + delete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf + reserve: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf + rollback: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf + port-mirror-topology-operation: + activate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + assign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + deactivate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + disable: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + enable: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + unassign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + security-zone-topology-operation: + activate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + assign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + create: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + deactivate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + delete: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + unassign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + service-homing-operation: + homing: POST|60000|sdncurl3|sdnc-homing-header|com:att:sdnctl:aicHoming + service-topology-operation: + assign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + deactivate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + delete: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + rollback: POST|270000|sdncur10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + svc-topology-operation: + activate: POST|285000|sdncurl8|sdnc-request-header|com:att:sdnctl:nbncapi + assign: POST|285000|sdncurl8|sdnc-request-header|com:att:sdnctl:nbncapi + delete: POST|285000|sdncurl8|sdnc-request-header|com:att:sdnctl:nbncapi + vnf-topology-aic-operation: + activate: POST|270000|sdncurl11|sdnc-request-header|com:att:sdnctl:vnftopologyaic + assign: POST|270000|sdncurl11|sdnc-request-header|com:att:sdnctl:vnftopologyaic + tunnelxconn-topology-operation: + activate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + assign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + create: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + deactivate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + delete: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + unassign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + vnf-topology-operation: + activate: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf + assign: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf + changeassign: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf + changedelete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf + delete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf + rollback: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf + bpelauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.bpelauth )}} + bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/SDNCAdapterCallbackService + opticalservice: + optical-service-create: + create: POST|270000|sdncurl13|sdnc-request-header|org:onap:sdnc:northbound:optical-service + optical-service-delete: + delete: POST|270000|sdncurl13|sdnc-request-header|org:onap:sdnc:northbound:optical-service + generic-resource: + network-topology-operation: + create: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + activate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + assign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + deactivate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + delete: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + unassign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + vf-module-topology-operation: + create: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + activate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + assign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + changeassign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + changedelete: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + deactivate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + delete: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + rollback: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + unassign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + vnf-topology-operation: + create: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + activate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + assign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + changeassign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + changedelete: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + deactivate: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + delete: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + rollback: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + unassign: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource + infra: + '': + query: GET|60000|sdncurl5| + mobility: + '': + query: GET|60000|sdncurl5| + myurl: http://so-sdnc-adapter.{{ include "common.namespace" . }}:8086/adapters/rest/SDNCNotify + rest: + bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage + sdncauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.sdncauth )}} + sdncconnecttime: 5000 + sdncurl10: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/GENERIC-RESOURCE-API:' + sdncurl11: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/VNFTOPOLOGYAIC-API:' + sdncurl12: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/' + sdncurl13: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/opticalservice:' + sdncurl5: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/config' + sdncurl6: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/VNF-API:' + sdncurl7: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/L3UCPE-API:' + sdncurl8: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/NBNC-API:' + sdncurl9: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/NORTHBOUND-API:service-topology-operation' + sdncurl20: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/LCM:' + service: + infra: + service-topology-infra-activate-operation: POST|90000|sdncurl9|sdnc-request-header|com:att:sdnctl:northbound-api:v1 + service-topology-infra-assign-operation: POST|120000|sdncurl9|sdnc-request-header|com:att:sdnctl:northbound-api:v1 + service-topology-infra-delete-operation: POST|90000|sdncurl9|sdnc-request-header|com:att:sdnctl:northbound-api:v1 + service-topology-infra-release-operation: POST|90000|sdncurl9|sdnc-request-header|com:att:sdnctl:northbound-api:v1 + vfmodule: + '': + query: GET|60000|sdncurl12| + lcm: + download-n-e-sw: POST|1800000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm + activate-n-e-sw: POST|300000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm + upgrade-pre-check: POST|180000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm + upgrade-post-check: POST|180000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm + default: POST|180000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm + network: + encryptionKey: {{ index .Values.org.onap.so.adapters.sdnc.network.encryptionKey }} +spring: + security: + usercredentials: + - + username: sdnc + password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' + role: SDNC-Client + - + username: sitecontrol + password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' + role: SiteControl-Client + - + username: bpel + password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' + role: BPEL-Client + - + username: sniro + password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' + role: SNIRO-Client + - + username: apih + password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' + role: MSO-Client + - + username: mso_admin + password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' + role: ACTUATOR diff --git a/kubernetes/so/components/so-sdnc-adapter/templates/configmap.yaml b/kubernetes/so/components/so-sdnc-adapter/templates/configmap.yaml new file mode 100755 index 0000000000..4859112580 --- /dev/null +++ b/kubernetes/so/components/so-sdnc-adapter/templates/configmap.yaml @@ -0,0 +1,48 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +data: + LOG_PATH: {{ index .Values.logPath }} + APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-app-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} diff --git a/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml b/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml new file mode 100755 index 0000000000..16342ad19a --- /dev/null +++ b/kubernetes/so/components/so-sdnc-adapter/templates/deployment.yaml @@ -0,0 +1,126 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} +spec: + selector: + matchLabels: + app: {{ include "common.name" . }} + replicas: {{ index .Values.replicaCount }} + minReadySeconds: {{ index .Values.minReadySeconds }} + strategy: + type: {{ index .Values.updateStrategy.type }} + rollingUpdate: + maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ index .Values.updateStrategy.maxSurge }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + spec: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} + containers: + - name: {{ include "common.name" . }} + image: {{ include "common.repository" . }}/{{ .Values.image }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password}" + {{- end }} + /app/start-app.sh + {{- end }} + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-so-db-secrets + key: mariadb.readwrite.host + - name: DB_PORT + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-so-db-secrets + key: mariadb.readwrite.port + - name: DB_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} + - name: DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} + - name: DB_ADMIN_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} + - name: DB_ADMIN_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} + {{ include "so.certificates.env" . | indent 8 | trim }} + envFrom: + - configMapRef: + name: {{ include "common.fullname" . }}-configmap + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} + - name: logs + mountPath: /app/logs + - name: config + mountPath: /app/config + readOnly: true + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap +{{ include "so.helpers.livenessProbe" .| indent 8 }} + ports: + - containerPort: {{ index .Values.containerPort }} + name: {{ .Values.service.portName }} + protocol: TCP + # Filebeat sidecar container + - name: {{ include "common.name" . }}-filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-filebeat-conf + mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + - name: {{ include "common.fullname" . }}-data-filebeat + mountPath: /usr/share/filebeat/data + - name: logs + mountPath: /var/log/onap/so + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} + - name: logs + emptyDir: {} + - name: config + configMap: + name: {{ include "common.fullname" . }}-app-configmap + - name: {{ include "common.fullname" . }}-log-conf + configMap: + name: {{ include "common.fullname" . }}-log + - name: {{ include "common.fullname" . }}-filebeat-conf + configMap: + name: {{ .Release.Name }}-so-filebeat-configmap + - name: {{ include "common.fullname" . }}-data-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/components/so-sdnc-adapter/templates/secret.yaml b/kubernetes/so/components/so-sdnc-adapter/templates/secret.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/so/components/so-sdnc-adapter/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/components/so-sdnc-adapter/templates/service.yaml b/kubernetes/so/components/so-sdnc-adapter/templates/service.yaml new file mode 100755 index 0000000000..6711c3b2e7 --- /dev/null +++ b/kubernetes/so/components/so-sdnc-adapter/templates/service.yaml @@ -0,0 +1,38 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} diff --git a/kubernetes/so/components/so-sdnc-adapter/values.yaml b/kubernetes/so/components/so-sdnc-adapter/values.yaml new file mode 100755 index 0000000000..4b36815d3d --- /dev/null +++ b/kubernetes/so/components/so-sdnc-adapter/values.yaml @@ -0,0 +1,146 @@ +# Copyright © 2018 AT&T USA +# Copyright © 2020 Huawei +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + nodePortPrefixExt: 304 + repository: nexus3.onap.org:10001 + readinessImage: onap/oom/readiness:3.0.1 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 + envsubstImage: dibi/envsubst + persistence: + mountPath: /dockerdata-nfs + #This configuration specifies Service and port for SDNC OAM interface + sdncOamService: sdnc-oam + sdncOamPort: 8282 + security: + aaf: + enabled: false + aaf: + auth: + header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-user-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' + +################################################################# +# Application configuration defaults. +################################################################# +repository: nexus3.onap.org:10001 +image: onap/so/sdnc-adapter:1.6.4 +pullPolicy: Always + +org: + onap: + so: + adapters: + sdnc: + bpelauth: 4C18603C5AE7E3A42A6CED95CDF9C0BA9B2109B3725747662E5D34E5FDF63DA9ADEBB08185098F14699195FDE9475100 + sdncauth: ED07A7EE5F099FA53369C3DF2240AD68A00154676EEDBC6F8C16BAA83B1912941B8941ABD48683D2C1072DA7040659692DE936A59BBF42A038CF71DE67B4A375190071EC76EA657801B033C135 + network: + encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7 +mso: + adapters: + requestDb: + auth: Basic YnBlbDpwYXNzd29yZDEk + +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret + +replicaCount: 1 +minReadySeconds: 10 +containerPort: &containerPort 8086 +logPath: ./logs/sdnc/ +app: sdnc-adapter +service: + type: ClusterIP + internalPort: *containerPort + externalPort: *containerPort + portName: so-sdnc-port +updateStrategy: + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 + + +################################################################# +# soHelpers part +################################################################# +soHelpers: + nameOverride: so-sdnc-cert-init + certInitializer: + nameOverride: so-sdnc-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.sdncAdapterPerm + containerPort: *containerPort + +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + memory: 4Gi + cpu: 2000m + requests: + memory: 1Gi + cpu: 500m + large: + limits: + memory: 8Gi + cpu: 4000m + requests: + memory: 2Gi + cpu: 1000m + unlimited: {} +livenessProbe: + path: /manage/health + port: 8086 + scheme: HTTP + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 +ingress: + enabled: false +nodeSelector: {} +tolerations: [] +affinity: {} diff --git a/kubernetes/so/components/so-secrets/Chart.yaml b/kubernetes/so/components/so-secrets/Chart.yaml new file mode 100644 index 0000000000..d96245d752 --- /dev/null +++ b/kubernetes/so/components/so-secrets/Chart.yaml @@ -0,0 +1,17 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +description: A Helm chart for so secrets +name: so-secrets +version: 6.0.0 diff --git a/kubernetes/so/components/so-secrets/requirements.yaml b/kubernetes/so/components/so-secrets/requirements.yaml new file mode 100755 index 0000000000..2eb32d00ed --- /dev/null +++ b/kubernetes/so/components/so-secrets/requirements.yaml @@ -0,0 +1,20 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' diff --git a/kubernetes/so/components/so-secrets/resources/certs/org.onap.so.trust.jks b/kubernetes/so/components/so-secrets/resources/certs/org.onap.so.trust.jks Binary files differnew file mode 100644 index 0000000000..31ea6ba650 --- /dev/null +++ b/kubernetes/so/components/so-secrets/resources/certs/org.onap.so.trust.jks diff --git a/kubernetes/so/components/so-secrets/templates/secrets.yaml b/kubernetes/so/components/so-secrets/templates/secrets.yaml new file mode 100644 index 0000000000..5be2cc7c41 --- /dev/null +++ b/kubernetes/so/components/so-secrets/templates/secrets.yaml @@ -0,0 +1,40 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-so-client-certs-secret + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: + trustStorePassword: {{ .Values.global.client.certs.trustStorePassword }} + keyStorePassword: {{ .Values.global.client.certs.keyStorePassword}} +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.release" . }}-so-truststore-secret + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/so/components/so-secrets/values.yaml b/kubernetes/so/components/so-secrets/values.yaml new file mode 100644 index 0000000000..602ea79084 --- /dev/null +++ b/kubernetes/so/components/so-secrets/values.yaml @@ -0,0 +1,20 @@ +# Copyright (c) 2020 Orange +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + client: + certs: + trustStorePassword: LHN4Iy5DKlcpXXdWZ0pDNmNjRkhJIzpI diff --git a/kubernetes/so/components/so-ve-vnfm-adapter/Chart.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/Chart.yaml new file mode 100755 index 0000000000..b78051ff14 --- /dev/null +++ b/kubernetes/so/components/so-ve-vnfm-adapter/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 Samsung +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP SO VE VNFM Adapter (SOL002) +name: so-ve-vnfm-adapter +version: 6.0.0 diff --git a/kubernetes/so/components/so-ve-vnfm-adapter/requirements.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/requirements.yaml new file mode 100755 index 0000000000..1feea23842 --- /dev/null +++ b/kubernetes/so/components/so-ve-vnfm-adapter/requirements.yaml @@ -0,0 +1,23 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/components/so-ve-vnfm-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/resources/config/overrides/override.yaml new file mode 100755 index 0000000000..89b6ada3fd --- /dev/null +++ b/kubernetes/so/components/so-ve-vnfm-adapter/resources/config/overrides/override.yaml @@ -0,0 +1,25 @@ +# Copyright © 2020 Samsung# Copyright © 2020 Samsung +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +server: + port: {{ include "common.getPort" (dict "global" . "name" "http") }} + +vevnfmadapter: + endpoint: https://msb-iag:30283/api/{{ include "common.servicename" . }}/v1 + +aai: + endpoint: https://aai.{{ include "common.namespace" . }}:8443 + +dmaap: + endpoint: http://message-router.{{ include "common.namespace" . }}:3904 diff --git a/kubernetes/so/components/so-ve-vnfm-adapter/templates/configmap.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/templates/configmap.yaml new file mode 100755 index 0000000000..e940811883 --- /dev/null +++ b/kubernetes/so/components/so-ve-vnfm-adapter/templates/configmap.yaml @@ -0,0 +1,31 @@ +# Copyright © 2020 Samsung +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: {{- include "common.labels" . | nindent 4 }} +data: + APP: {{ include "common.name" . }} +--- + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-app-configmap + namespace: {{ include "common.namespace" . }} + labels: {{- include "common.labels" . | nindent 4 }} +data: {{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | nindent 2 }} diff --git a/kubernetes/so/components/so-ve-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/templates/deployment.yaml new file mode 100755 index 0000000000..1f9dfb5a5c --- /dev/null +++ b/kubernetes/so/components/so-ve-vnfm-adapter/templates/deployment.yaml @@ -0,0 +1,69 @@ +# Copyright © 2020 Samsung +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ index .Values.replicaCount }} + template: + metadata: + labels: {{- include "common.labels" . | nindent 8 }} + spec: + initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }} + - name: {{ include "common.name" . }}-readiness + command: + - /app/ready.py + args: + - --container-name + - aai + - --container-name + - message-router + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: {{ include "common.repository" . }}/{{ .Values.global.readinessImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + containers: + - name: {{ include "common.name" . }} + envFrom: + - configMapRef: + name: {{ include "common.fullname" . }}-configmap + image: {{ include "common.repository" . }}/{{ .Values.image }} + resources: {{ include "common.resources" . | nindent 12 }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }} + - name: logs + mountPath: /app/logs + - name: config + mountPath: /app/config + readOnly: true + livenessProbe: + tcpSocket: + port: {{ index .Values.livenessProbe.port }} + initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} + periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} + successThreshold: {{ index .Values.livenessProbe.successThreshold}} + failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} + ports: {{- include "common.containerPorts" . | nindent 10 }} + volumes: {{ include "so.certificate.volumes" . | nindent 8 }} + - name: logs + emptyDir: {} + - name: config + configMap: + name: {{ include "common.fullname" . }}-app-configmap diff --git a/kubernetes/so/components/so-ve-vnfm-adapter/templates/secret.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/templates/secret.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/so/components/so-ve-vnfm-adapter/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/components/so-ve-vnfm-adapter/templates/service.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/templates/service.yaml new file mode 100755 index 0000000000..f3ef1138b8 --- /dev/null +++ b/kubernetes/so/components/so-ve-vnfm-adapter/templates/service.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }} diff --git a/kubernetes/so/components/so-ve-vnfm-adapter/values.yaml b/kubernetes/so/components/so-ve-vnfm-adapter/values.yaml new file mode 100755 index 0000000000..6511af320b --- /dev/null +++ b/kubernetes/so/components/so-ve-vnfm-adapter/values.yaml @@ -0,0 +1,85 @@ +# Copyright © 2020 Samsung +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +################################################################# +# Global configuration defaults. +################################################################# +global: + repository: nexus3.onap.org:10001 + readinessImage: onap/oom/readiness:3.0.1 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 + envsubstImage: dibi/envsubst + persistence: + mountPath: /dockerdata-nfs + +################################################################# +# Application configuration defaults. +################################################################# +image: onap/so/ve-vnfm-adapter:1.6.4 +pullPolicy: Always +replicaCount: 1 +service: + name: ve-vnfm-adapter + type: ClusterIP + annotations: + msb.onap.org/service-info: | + {{ if not .Values.global.msbDisabled -}}[ + { + "serviceName": "{{ include "common.servicename" . }}", + "version": "v1", + "url": "/", + "protocol": "REST", + "port": "{{ include "common.getPort" (dict "global" . "name" "http") }}", + "visualRange": "1" + } + ]{{ end }} + ports: + - name: http + port: 9098 + +################################################################# +# soHelpers part +################################################################# +soHelpers: + nameOverride: so-vevnfm-cert-init + certInitializer: + nameOverride: so-vevnfm-cert-init + credsPath: /opt/app/osaaf/local + +flavor: small +resources: + small: + limits: + memory: 512Mi + cpu: 500m + requests: + memory: 256Mi + cpu: 250m + large: + limits: + memory: 8Gi + cpu: 4000m + requests: + memory: 2Gi + cpu: 1000m + unlimited: {} +livenessProbe: + port: 9098 + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 +nodeSelector: {} +tolerations: [] +affinity: {} diff --git a/kubernetes/so/components/so-vfc-adapter/Chart.yaml b/kubernetes/so/components/so-vfc-adapter/Chart.yaml new file mode 100755 index 0000000000..2ce175d9c1 --- /dev/null +++ b/kubernetes/so/components/so-vfc-adapter/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart for Kubernetes +name: so-vfc-adapter +version: 6.0.0
\ No newline at end of file diff --git a/kubernetes/so/components/so-vfc-adapter/requirements.yaml b/kubernetes/so/components/so-vfc-adapter/requirements.yaml new file mode 100755 index 0000000000..1feea23842 --- /dev/null +++ b/kubernetes/so/components/so-vfc-adapter/requirements.yaml @@ -0,0 +1,23 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/components/so-vfc-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-vfc-adapter/resources/config/overrides/override.yaml new file mode 100755 index 0000000000..59028bcce8 --- /dev/null +++ b/kubernetes/so/components/so-vfc-adapter/resources/config/overrides/override.yaml @@ -0,0 +1,53 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +logging: + path: logs +spring: + datasource: + hikari: + driver-class-name: org.mariadb.jdbc.Driver + jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/requestdb + username: ${DB_USERNAME} + password: ${DB_PASSWORD} + pool-name: reqdb-pool + registerMbeans: true + security: + usercredentials: + - username: bpel + password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' + role: BPEL-Client + - username: mso_admin + password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' + role: ACTUATOR +server: + port: {{ index .Values.containerPort }} + tomcat: + max-threads: 50 +mso: + site-name: localSite + logPath: ./logs/vfc + config: + cadi: {{ include "so.cadi.keys" . | nindent 8}} + msb-ip: msb-iag + msb-port: 80 + adapters: + requestDb: + endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083 + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}} +#Actuator +management: + security: + enabled: false + basic: + enabled: false diff --git a/kubernetes/so/components/so-vfc-adapter/templates/configmap.yaml b/kubernetes/so/components/so-vfc-adapter/templates/configmap.yaml new file mode 100755 index 0000000000..d351be32fc --- /dev/null +++ b/kubernetes/so/components/so-vfc-adapter/templates/configmap.yaml @@ -0,0 +1,40 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +data: + LOG_PATH: {{ index .Values.logPath }} + APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-app-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} diff --git a/kubernetes/so/components/so-vfc-adapter/templates/deployment.yaml b/kubernetes/so/components/so-vfc-adapter/templates/deployment.yaml new file mode 100755 index 0000000000..c0575106cc --- /dev/null +++ b/kubernetes/so/components/so-vfc-adapter/templates/deployment.yaml @@ -0,0 +1,123 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} +spec: + selector: + matchLabels: + app: {{ include "common.name" . }} + replicas: {{ index .Values.replicaCount }} + minReadySeconds: {{ index .Values.minReadySeconds }} + strategy: + type: {{ index .Values.updateStrategy.type }} + rollingUpdate: + maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ index .Values.updateStrategy.maxSurge }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + spec: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} + - command: + - /app/ready.py + args: + - --job-name + - {{ include "common.release" . }}-so-mariadb-config-job + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + containers: + - name: {{ include "common.name" . }} + image: {{ include "common.repository" . }}/{{ .Values.image }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password}" + {{- end }} + /app/start-app.sh + {{- end }} + env: + - name: DB_HOST + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-so-db-secrets + key: mariadb.readwrite.host + - name: DB_PORT + valueFrom: + secretKeyRef: + name: {{ include "common.release" . }}-so-db-secrets + key: mariadb.readwrite.port + - name: DB_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }} + - name: DB_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }} + - name: DB_ADMIN_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }} + - name: DB_ADMIN_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }} + {{ include "so.certificates.env" . | indent 8 | trim }} + envFrom: + - configMapRef: + name: {{ include "common.fullname" . }}-configmap + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} + - name: logs + mountPath: /app/logs + - name: config + mountPath: /app/config + readOnly: true + livenessProbe: + httpGet: + path: {{- index .Values.livenessProbe.path|indent 2}} + port: {{ index .Values.containerPort }} + scheme: {{- index .Values.livenessProbe.scheme| indent 2}} + initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} + periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} + timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}} + successThreshold: {{ index .Values.livenessProbe.successThreshold}} + failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} + ports: + - containerPort: {{ index .Values.containerPort }} + name: {{ .Values.service.portName }} + protocol: TCP + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} + - name: logs + emptyDir: {} + - name: config + configMap: + name: {{ include "common.fullname" . }}-app-configmap + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/components/so-vfc-adapter/templates/secret.yaml b/kubernetes/so/components/so-vfc-adapter/templates/secret.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/so/components/so-vfc-adapter/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/components/so-vfc-adapter/templates/service.yaml b/kubernetes/so/components/so-vfc-adapter/templates/service.yaml new file mode 100755 index 0000000000..5e29af8ab5 --- /dev/null +++ b/kubernetes/so/components/so-vfc-adapter/templates/service.yaml @@ -0,0 +1,38 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }}
\ No newline at end of file diff --git a/kubernetes/so/components/so-vfc-adapter/values.yaml b/kubernetes/so/components/so-vfc-adapter/values.yaml new file mode 100755 index 0000000000..d0e1d20e75 --- /dev/null +++ b/kubernetes/so/components/so-vfc-adapter/values.yaml @@ -0,0 +1,133 @@ +# Copyright © 2018 AT&T USA +# Copyright © 2020 Huawei +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + nodePortPrefixExt: 304 + repository: nexus3.onap.org:10001 + readinessImage: onap/oom/readiness:3.0.1 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 + persistence: + mountPath: /dockerdata-nfs + security: + aaf: + enabled: false + aaf: + auth: + header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-user-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}' + login: '{{ .Values.db.userName }}' + password: '{{ .Values.db.userPassword }}' + passwordPolicy: required + - uid: db-admin-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}' + login: '{{ .Values.db.adminName }}' + password: '{{ .Values.db.adminPassword }}' + passwordPolicy: required + +#secretsFilePaths: | +# - 'my file 1' +# - '{{ include "templateThatGeneratesFileName" . }}' + +################################################################# +# Application configuration defaults. +################################################################# +repository: nexus3.onap.org:10001 +image: onap/so/vfc-adapter:1.6.4 +pullPolicy: Always + +db: + userName: so_user + userPassword: so_User123 + # userCredsExternalSecret: some secret + adminName: so_admin + adminPassword: so_Admin123 + # adminCredsExternalSecret: some secret + +mso: + adapters: + requestDb: + auth: Basic YnBlbDpwYXNzd29yZDEk + +replicaCount: 1 +minReadySeconds: 10 +containerPort: &containerPort 8084 +logPath: ./logs/vfc/ +app: vfc-adapter +service: + type: ClusterIP + internalPort: *containerPort + externalPort: *containerPort + portName: so-vfc-port +updateStrategy: + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 + + +################################################################# +# soHelpers part +################################################################# +soHelpers: + nameOverride: so-vfc-cert-init + certInitializer: + nameOverride: so-vfc-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.vfcAdapterPerm + containerPort: *containerPort + +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + memory: 4Gi + cpu: 2000m + requests: + memory: 1Gi + cpu: 500m + large: + limits: + memory: 8Gi + cpu: 4000m + requests: + memory: 2Gi + cpu: 1000m + unlimited: {} +livenessProbe: + path: /manage/health + port: 8084 + scheme: HTTP + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 +ingress: + enabled: false +nodeSelector: {} +tolerations: [] +affinity: {} diff --git a/kubernetes/so/components/so-vnfm-adapter/Chart.yaml b/kubernetes/so/components/so-vnfm-adapter/Chart.yaml new file mode 100755 index 0000000000..3ef796acd7 --- /dev/null +++ b/kubernetes/so/components/so-vnfm-adapter/Chart.yaml @@ -0,0 +1,17 @@ +# Copyright © 2019 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +description: ONAP SO VNFM Adapter +name: so-vnfm-adapter +version: 6.0.0 diff --git a/kubernetes/so/components/so-vnfm-adapter/requirements.yaml b/kubernetes/so/components/so-vnfm-adapter/requirements.yaml new file mode 100755 index 0000000000..1feea23842 --- /dev/null +++ b/kubernetes/so/components/so-vnfm-adapter/requirements.yaml @@ -0,0 +1,23 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: soHelpers + version: ~6.x-0 + repository: 'file://../soHelpers' diff --git a/kubernetes/so/components/so-vnfm-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-vnfm-adapter/resources/config/overrides/override.yaml new file mode 100755 index 0000000000..e8d625ed7a --- /dev/null +++ b/kubernetes/so/components/so-vnfm-adapter/resources/config/overrides/override.yaml @@ -0,0 +1,65 @@ +# Copyright © 2019 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +aai: + auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}} + version: v15 + endpoint: https://aai.{{ include "common.namespace" . }}:8443 +spring: + security: + usercredentials: + - username: vnfm + password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' + role: BPEL-Client + - username: mso_admin + password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' + role: ACTUATOR +server: + port: {{ index .Values.containerPort }} + ssl: + key-alias: so@so.onap.org + key--store-password: 'ywsqCy:EEo#j}HJHM7z^Rk[L' + key-store: classpath:so-vnfm-adapter.p12 + key-store-type: PKCS12 +http: + client: + ssl: + trust-store: classpath:org.onap.so.trust.jks + trust-store-password: ',sx#.C*W)]wVgJC6ccFHI#:H' +mso: + key: {{ .Values.mso.key }} + site-name: localSite + logPath: ./logs/vnfm-adapter + config: + cadi: {{ include "so.cadi.keys" . | nindent 8}} + msb-ip: msb-iag + msb-port: 80 +sdc: + username: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.username "value2" .Values.sdc.username )}} + password: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.password "value2" .Values.sdc.password )}} + key: {{ .Values.sdc.key }} + endpoint: https://sdc-be.{{ include "common.namespace" . }}:8443 +vnfmadapter: + endpoint: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092 +etsi-catalog-manager: + vnfpkgm: + {{- if .Values.global.msbEnabled }} + endpoint: https://msb-iag:443/api/vnfpkgm/v1 + http: + client: + ssl: + trust-store: ${TRUSTSTORE} + trust-store-password: ${TRUSTSTORE_PASSWORD} + {{- else }} + endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api/vnfpkgm/v1 + {{- end }} diff --git a/kubernetes/so/components/so-vnfm-adapter/templates/configmap.yaml b/kubernetes/so/components/so-vnfm-adapter/templates/configmap.yaml new file mode 100755 index 0000000000..d351be32fc --- /dev/null +++ b/kubernetes/so/components/so-vnfm-adapter/templates/configmap.yaml @@ -0,0 +1,40 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +data: + LOG_PATH: {{ index .Values.logPath }} + APP: {{ index .Values.app }} + ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}} +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-app-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }} diff --git a/kubernetes/so/components/so-vnfm-adapter/templates/deployment.yaml b/kubernetes/so/components/so-vnfm-adapter/templates/deployment.yaml new file mode 100755 index 0000000000..caf218fb6d --- /dev/null +++ b/kubernetes/so/components/so-vnfm-adapter/templates/deployment.yaml @@ -0,0 +1,94 @@ +# Copyright © 2019 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} +spec: + selector: + matchLabels: + app: {{ include "common.name" . }} + replicas: {{ index .Values.replicaCount }} + minReadySeconds: {{ index .Values.minReadySeconds }} + strategy: + type: {{ index .Values.updateStrategy.type }} + rollingUpdate: + maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ index .Values.updateStrategy.maxSurge }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + spec: + initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }} + containers: + - name: {{ include "common.name" . }} + image: {{ include "common.repository" . }}/{{ .Values.image }} + resources: {{ include "common.resources" . | nindent 12 }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - -c + - | + export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export TRUSTSTORE_PASSWORD="${cadi_truststore_password}" + {{- if .Values.global.security.aaf.enabled }} + export KEYSTORE_PASSWORD="${cadi_keystore_password}" + {{- end }} + /app/start-app.sh + {{- end }} + env: + {{ include "so.certificates.env" . | indent 8 | trim }} + envFrom: + - configMapRef: + name: {{ include "common.fullname" . }}-configmap + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }} + - name: logs + mountPath: /app/logs + - name: config + mountPath: /app/config + readOnly: true + - name: {{ include "common.fullname" . }}-truststore + mountPath: /app/client + readOnly: true + livenessProbe: + tcpSocket: + port: {{ index .Values.livenessProbe.port }} + initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}} + periodSeconds: {{ index .Values.livenessProbe.periodSeconds}} + successThreshold: {{ index .Values.livenessProbe.successThreshold}} + failureThreshold: {{ index .Values.livenessProbe.failureThreshold}} + ports: + - containerPort: {{ index .Values.containerPort }} + name: {{ .Values.service.portName }} + protocol: TCP + volumes: {{ include "so.certificate.volumes" . | nindent 6 }} + - name: logs + emptyDir: {} + - name: config + configMap: + name: {{ include "common.fullname" . }}-app-configmap + - name: {{ include "common.fullname" . }}-truststore + secret: + secretName: {{ include "common.release" . }}-so-truststore-secret + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/so/components/so-vnfm-adapter/templates/ingress.yaml b/kubernetes/so/components/so-vnfm-adapter/templates/ingress.yaml new file mode 100644 index 0000000000..8f87c68f1e --- /dev/null +++ b/kubernetes/so/components/so-vnfm-adapter/templates/ingress.yaml @@ -0,0 +1 @@ +{{ include "common.ingress" . }} diff --git a/kubernetes/so/components/so-vnfm-adapter/templates/secret.yaml b/kubernetes/so/components/so-vnfm-adapter/templates/secret.yaml new file mode 100644 index 0000000000..bd7eb8ea40 --- /dev/null +++ b/kubernetes/so/components/so-vnfm-adapter/templates/secret.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/so/components/so-vnfm-adapter/templates/service.yaml b/kubernetes/so/components/so-vnfm-adapter/templates/service.yaml new file mode 100755 index 0000000000..b445f7553b --- /dev/null +++ b/kubernetes/so/components/so-vnfm-adapter/templates/service.yaml @@ -0,0 +1,49 @@ +# Copyright © 2019 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} + annotations: + msb.onap.org/service-info: '[ + { + "serviceName": "{{ include "common.servicename" . }}", + "version": "v1", + "url": "/so/vnfm-adapter/v1", + "protocol": "REST", + "port": "{{.Values.service.externalPort}}", + "visualRange":"1" + } + ]' +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} diff --git a/kubernetes/so/components/so-vnfm-adapter/values.yaml b/kubernetes/so/components/so-vnfm-adapter/values.yaml new file mode 100755 index 0000000000..f15fffb055 --- /dev/null +++ b/kubernetes/so/components/so-vnfm-adapter/values.yaml @@ -0,0 +1,116 @@ +# Copyright © 2019 Nordix Foundation +# Copyright © 2020 Huawei +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefixExt: 304 + repository: nexus3.onap.org:10001 + readinessImage: onap/oom/readiness:3.0.1 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 + envsubstImage: dibi/envsubst + persistence: + mountPath: /dockerdata-nfs + security: + aaf: + enabled: false + aaf: + auth: + header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo= + +################################################################# +# Application configuration defaults. +################################################################# +repository: nexus3.onap.org:10001 +image: onap/so/vnfm-adapter:1.6.4 +pullPolicy: Always + +aaf: + auth: + username: so@so.onap.org + password: 8DB1C939BFC6A35C3832D0E52E452D0E05AE2537AF142CECD125FF827C05A972FDD0F4700547DA +aai: + auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586 +mso: + key: 07a7159d3bf51a0e53be7a8f89699be7 +sdc: + username: mso + password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F + key: 566B754875657232314F5548556D3665 + +replicaCount: 1 +minReadySeconds: 10 +containerPort: &containerPort 9092 +logPath: ./logs/vnfm-adapter/ +app: vnfm-adapter +service: + type: NodePort + internalPort: *containerPort + externalPort: *containerPort + nodePort: "06" + portName: so-vnfm-port +updateStrategy: + type: RollingUpdate + maxUnavailable: 1 + maxSurge: 1 + +################################################################# +# soHelpers part +################################################################# +soHelpers: + nameOverride: so-vnfm-cert-init + certInitializer: + nameOverride: so-vnfm-cert-init + credsPath: /opt/app/osaaf/local + cadi: + apiEnforcement: org.onap.so.vnfmAdapterPerm + containerPort: *containerPort + +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + memory: 4Gi + cpu: 2000m + requests: + memory: 1Gi + cpu: 500m + large: + limits: + memory: 8Gi + cpu: 4000m + requests: + memory: 2Gi + cpu: 1000m + unlimited: {} +livenessProbe: + port: 9092 + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 +ingress: + enabled: false + service: + - baseaddr: "sovnfmadapter" + name: "so-vnfm-adapter" + port: 9092 + config: + ssl: "redirect" +nodeSelector: {} +tolerations: [] +affinity: {} diff --git a/kubernetes/so/components/soHelpers/Chart.yaml b/kubernetes/so/components/soHelpers/Chart.yaml new file mode 100755 index 0000000000..a91111a33a --- /dev/null +++ b/kubernetes/so/components/soHelpers/Chart.yaml @@ -0,0 +1,17 @@ +# Copyright © 2018 AT&T USA +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +description: A Helm chart for SO helpers +name: soHelpers +version: 6.0.0 diff --git a/kubernetes/so/components/soHelpers/requirements.yaml b/kubernetes/so/components/soHelpers/requirements.yaml new file mode 100755 index 0000000000..aa972a525b --- /dev/null +++ b/kubernetes/so/components/soHelpers/requirements.yaml @@ -0,0 +1,23 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: certInitializer + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl b/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl new file mode 100644 index 0000000000..d16b4f7cf8 --- /dev/null +++ b/kubernetes/so/components/soHelpers/templates/_cadiValues.tpl @@ -0,0 +1,21 @@ +{{- define "so.cadi.keys" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.soHelpers .initRoot -}} +cadiLoglevel: {{ $initRoot.cadi.logLevel }} +cadiKeyFile: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.aaf.keyFile }} +cadiTrustStore: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.aaf.trustore }} +cadiTruststorePassword: ${TRUSTSTORE_PASSWORD} +cadiLatitude: {{ $initRoot.cadi.latitude }} +cadiLongitude: {{ $initRoot.cadi.longitude }} +aafEnv: {{ $initRoot.cadi.aafEnv }} +aafApiVersion: {{ $initRoot.cadi.aafApiVersion }} +aafRootNs: {{ $initRoot.cadi.aafRootNs }} +aafId: {{ $initRoot.cadi.aafId }} +aafPassword: {{ $initRoot.cadi.aafPassword }} +aafLocateUrl: {{ $initRoot.cadi.aafLocateUrl }} +aafUrl: {{ $initRoot.cadi.aafUrl }} +apiEnforcement: {{ $initRoot.cadi.apiEnforcement }} +{{- if ($initRoot.cadi.noAuthn) }} +noAuthn: {{ $initRoot.cadi.noAuthn }} +{{- end }} +{{- end }} diff --git a/kubernetes/so/components/soHelpers/templates/_certificates.tpl b/kubernetes/so/components/soHelpers/templates/_certificates.tpl new file mode 100644 index 0000000000..fa25ba5177 --- /dev/null +++ b/kubernetes/so/components/soHelpers/templates/_certificates.tpl @@ -0,0 +1,58 @@ +{{- define "so.certificate.container_importer" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.soHelpers .initRoot -}} +{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} +{{ include "common.certInitializer.initContainer" $subchartDot }} +{{- if $dot.Values.global.aafEnabled }} +- name: {{ include "common.name" $dot }}-msb-cert-importer + image: "{{ include "common.repository" $dot }}/{{ $dot.Values.global.aafAgentImage }}" + imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }} + command: + - "/bin/sh" + args: + - "-c" + - | + export $(grep '^c' {{ $subchartDot.Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + keytool -import -trustcacerts -alias msb_root -file \ + /certificates/msb-ca.crt -keystore \ + "{{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }}" \ + -keypass $cadi_truststore_password -noprompt + volumeMounts: + {{ include "common.certInitializer.volumeMount" $subchartDot | indent 2 | trim }} + - name: {{ include "common.name" $dot }}-msb-certificate + mountPath: /certificates +{{- end }} +{{- end -}} + +{{- define "so.certificate.volumes" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.soHelpers .initRoot -}} +{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} +{{ include "common.certInitializer.volumes" $subchartDot }} +{{- if $dot.Values.global.aafEnabled }} +- name: {{ include "common.name" $dot }}-msb-certificate + secret: + secretName: {{ include "common.secret.getSecretNameFast" (dict "global" $subchartDot "uid" "so-onap-certs") }} +{{- end }} +{{- end -}} + +{{- define "so.certificate.volumeMount" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.soHelpers .initRoot -}} +{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} +{{ include "common.certInitializer.volumeMount" $subchartDot }} +{{- end -}} + +{{- define "so.certificates.env" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.soHelpers .initRoot -}} +{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} +{{- if $dot.Values.global.aafEnabled }} +- name: TRUSTSTORE + value: {{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.aaf.trustore }} +{{- if $dot.Values.global.security.aaf.enabled }} +- name: KEYSTORE + value: {{ $subchartDot.Values.certInitializer.credsPath }}/org.onap.so.jks +{{- end }} +{{- end }} +{{- end -}} diff --git a/kubernetes/so/components/soHelpers/templates/_livenessProbe.tpl b/kubernetes/so/components/soHelpers/templates/_livenessProbe.tpl new file mode 100644 index 0000000000..cde94742c6 --- /dev/null +++ b/kubernetes/so/components/soHelpers/templates/_livenessProbe.tpl @@ -0,0 +1,20 @@ +{{- define "so.helpers.livenessProbe" -}} +{{- $dot := default . .dot -}} +{{- $initRoot := default $dot.Values.soHelpers .initRoot -}} +{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }} +livenessProbe: + httpGet: + path: {{ $subchartDot.Values.livenessProbe.path }} + port: {{ $subchartDot.Values.containerPort }} + scheme: {{ $subchartDot.Values.livenessProbe.scheme }} + {{- if $subchartDot.Values.global.security.aaf.enabled }} + httpHeaders: + - name: Authorization + value: {{ $subchartDot.Values.global.aaf.auth.header }} + {{- end }} + initialDelaySeconds: {{ $subchartDot.Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ $subchartDot.Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ $subchartDot.Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ $subchartDot.Values.livenessProbe.successThreshold }} + failureThreshold: {{ $subchartDot.Values.livenessProbe.failureThreshold }} +{{- end -}} diff --git a/kubernetes/so/components/soHelpers/templates/_profileProperty.tpl b/kubernetes/so/components/soHelpers/templates/_profileProperty.tpl new file mode 100644 index 0000000000..56910ebebd --- /dev/null +++ b/kubernetes/so/components/soHelpers/templates/_profileProperty.tpl @@ -0,0 +1,3 @@ +{{- define "so.helpers.profileProperty" -}} + {{ if .condition }}{{ .value1 }}{{ else }}{{ .value2 }}{{ end }} +{{- end -}} diff --git a/kubernetes/so/components/soHelpers/values.yaml b/kubernetes/so/components/soHelpers/values.yaml new file mode 100755 index 0000000000..5dbe46cf9e --- /dev/null +++ b/kubernetes/so/components/soHelpers/values.yaml @@ -0,0 +1,98 @@ +# Copyright © 2018 AT&T USA +# Copyright © 2020 Huawei +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +################################################################# +# Global configuration defaults. +################################################################# +global: + soBaseImage: onap/so/base-image:1.0 + aafAgentImage: onap/aaf/aaf_agent:2.1.20 + msbEnabled: true + security: + aaf: + enabled: false + app: + msoKey: 07a7159d3bf51a0e53be7a8f89699be7 + client: + certs: + truststore: /app/client/org.onap.so.trust.jks + keystore: /app/client/org.onap.so.jks + trustStorePassword: LHN4Iy5DKlcpXXdWZ0pDNmNjRkhJIzpI + keyStorePassword: c280b25hcA== + certificates: + path: /etc/ssl/certs + share_path: /usr/local/share/ca-certificates/ + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: "so-onap-certs" + name: '{{ include "common.release" . }}-so-certs' + externalSecret: '{{ tpl (default "" .Values.certSecret) . }}' + type: generic + filePaths: + - resources/config/certificates/msb-ca.crt + +################################################################# +# AAF part +################################################################# +certInitializer: + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: so + fqi: so@so.onap.org + public_fqdn: so.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop + +aafConfig: + permission_user: 1000 + permission_group: 999 + +aaf: + trustore: org.onap.so.trust.jks + keyFile: org.onap.so.keyfile + +################################################################# +# Application configuration defaults. +################################################################# + +livenessProbe: + path: /manage/health + scheme: HTTP + initialDelaySeconds: 600 + periodSeconds: 60 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + +cadi: + logLevel: DEBUG + latitude: 38.4329 + longitude: -90.43248 + aafEnv: IST + aafApiVersion: 2.1 + aafRootNs: org.onap.so + aafLocateUrl: https://aaf-locate.onap:8095 + aafUrl: https://aaf-locate.onap:8095/locate/org.osaaf.aaf.service:2.1 + aafId: so@so.onap.org + aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9 + apiEnforcement: org.onap.so.apihPerm + noAuthn: /manage/health |